LiveActive security incident?Get immediate response
CVE Record

CVE-2004-0813: Unknown vulnerability in the SG_IO functionality in ide-cd allows local users to bypass read-only access an...

Unknown vulnerability in the SG_IO functionality in ide-cd allows local users to bypass read-only access and perform unauthorized write and erase operations.

UnknownCVSS not scoredNot KEV-listedUpdated
Glexia's Takeunknown

Analyst readout for executives and security teams

Plain-English summary

This old Linux kernel issue concerns SG_IO handling in ide-cd. A local user could bypass read-only expectations and perform unauthorized write or erase operations. Business urgency depends on whether legacy Linux or virtualization hosts expose affected CD device access to untrusted local users. The provided sources do not give CVSS, exact affected versions, or confirmed exploitation.

Executive priority

Handle as a legacy exposure review, not an emergency internet-facing incident. Prioritize environments with untrusted local users, shared hosting, labs, or old virtualization stacks. Because severity and affected versions are incomplete, the main business risk is unmanaged legacy infrastructure hiding in production.

Technical view

CVE-2004-0813 describes an unknown vulnerability in SG_IO functionality in ide-cd allowing local users to bypass read-only access controls. The bundle references Linux kernel and vendor advisories, including Red Hat, Gentoo, SGI, and VMware, but does not include root cause details, affected CPEs, fixed versions, or exploit mechanics.

Likely exposure

Exposure is most plausible on legacy Linux systems or products bundling affected kernels, especially where local users can access IDE CD devices. The source data lists no precise affected product or version, so validation must be asset-specific against vendor advisories and kernel package history.

Exploitation context

The bundle marks KEV as false, and no cited source here confirms active exploitation. The issue is local, not remote. Impact is unauthorized write or erase operations despite read-only access, with severity depending on device permissions, kernel version, and host role.

Researcher notes

The CVE record gives only a short behavioral description. Vendor references should be used to map package fixes, but the provided bundle does not expose exact affected ranges. Avoid overstating privilege escalation or active exploitation unless a vendor advisory independently supports it.

Mitigation direction

  • Check relevant vendor advisories for fixed kernel or product packages.
  • Prioritize legacy Red Hat, Gentoo, SGI, and VMware-related systems referenced by sources.
  • Restrict local access to CD or SG_IO-capable device nodes where feasible.
  • Retire or isolate unsupported kernels and virtualization hosts.
  • Do not assume modern systems are affected without package evidence.

Validation and detection

  • Inventory Linux kernels and virtualization products against vendor advisory identifiers.
  • Review local device permissions for IDE CD and SG_IO-capable paths.
  • Check patch history for kernel updates tied to CVE-2004-0813 or advisories.
  • Confirm whether untrusted local users or workloads can reach affected devices.
  • Document systems where evidence is inconclusive for manual vendor review.
Prepared
Confidence
medium
Sources
8

Based on public source material and reviewed before publication.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cve · low confidence lookup

CVE-2004-0813 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Unknown
CVSS
Not scored
Known Exploited
No
Published
Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

0CVSS vectors
0Timeline events
0ADP providers
14Source links

CVSS and timeline data

No CVSS vectors or timeline events were available in the normalized CVE source material.

Source materials

Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
n/an/an/aListed
Weakness

CWE details

No CWE listed

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.