Problem Description:
To implement one particular ioctl, the Linux emulation
code used a special interface present in the cd(4) driver
which allows it to copy subchannel information directly to
a kernel address. This interface was erroneously made
accessible to userland, allowing users with read access to
a cd(4) device to arbitrarily overwrite kernel memory when
some media is present in the device.
Impact:
A user in the operator group can make use of this interface
to gain root privileges on a system with a cd(4) device
when some media is present in the device.