cbcvebase.
CVE-2018-7273
published 2018-02-21

CVE-2018-7273: In the Linux kernel through 4.15.4, the floppy driver reveals the addresses of kernel functions and global variables using printk calls within the function…

PriorityP432medium5.5CVSS 3.0
AVLACLPRLUINSUCHINAN
EXPLOIT
EPSS
1.79%
75.7th percentile
In the Linux kernel through 4.15.4, the floppy driver reveals the addresses of kernel functions and global variables using printk calls within the function show_floppy in drivers/block/floppy.c. An attacker can read this information from dmesg and use the addresses to find the locations of kernel code and data and bypass kernel security protections such as KASLR.

Affected

6 ranges
VendorProductVersion rangeFixed in
debianlinux< linux 4.15.4-1 (bookworm)linux 4.15.4-1 (bookworm)
linuxlinux_kernel<= 4.15.4
linuxlinux_kernel>= 0 < 4.15.4-14.15.4-1
linuxlinux_kernel>= 0 < 4.15.4-14.15.4-1
linuxlinux_kernel>= 0 < 4.15.4-14.15.4-1
linuxlinux_kernel>= 0 < 4.15.4-14.15.4-1

CVSS provenance

nvdv3.05.5MEDIUMCVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvdv2.04.9MEDIUMAV:L/AC:L/Au:N/C:C/I:N/A:N
osv5.5MEDIUM
vendor_debian5.5MEDIUM
vendor_redhat5.5MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.