CVE-2018-7273
Published 2018-02-21
CVE-2018-7273: In the Linux kernel through 4.15.4, the floppy driver reveals the addresses of kernel functions and global variables using printk calls within the function…
Priority P432 · medium · 5.5 CVSS 3.0
AV:L / AC:L / PR:L / UI:N / S:U / C:H / I:N / A:N
Exploit EPSS: 1.79% (75.7th percentile)
In the Linux kernel through 4.15.4, the floppy driver reveals the addresses of kernel functions and global variables using printk calls within the function show_floppy in drivers/block/floppy.c. An attacker can read this information from dmesg and use the addresses to find the locations of kernel code and data and bypass kernel security protections such as KASLR.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | linux | < linux 4.15.4-1 (bookworm) | linux 4.15.4-1 (bookworm) |
| linux | linux_kernel | <= 4.15.4 | — |
| linux | linux_kernel | >= 0 < 4.15.4-1 | 4.15.4-1 |
| linux | linux_kernel | >= 0 < 4.15.4-1 | 4.15.4-1 |
| linux | linux_kernel | >= 0 < 4.15.4-1 | 4.15.4-1 |
| linux | linux_kernel | >= 0 < 4.15.4-1 | 4.15.4-1 |
CVSS provenance
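| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 5.5 | MEDIUM | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 4.9 | MEDIUM | AV:L/AC:L/Au:N/C:C/I:N/A:N |
| osv | — | 5.5 | MEDIUM | — |
| vendor_debian | — | 5.5 | MEDIUM | — |
| vendor_redhat | — | 5.5 | MEDIUM | — |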
Red Hat
kernel: Kernel address information leak in drivers/block/floppy.c:show_floppy function potentially allowing KASLR bypass
vendor_redhat·2018-02-20·CVSS 5.5
CVE-2018-7273 [MEDIUM] CWE-200 kernel: Kernel address information leak in drivers/block/floppy.c:show_floppy function potentially allowing KASLR bypass
In the Linux kernel, through 4.15.4, the floppy driver reveals the addresses of kernel functions and global variables using printk calls within the function show_floppy in drivers/block/floppy.c. An attacker can read this information from dmesg and use the addresses to find the locations of kernel code and dat
Debian
CVE-2018-7273: linux - In the Linux kernel through 4.15.4, the floppy driver reveals the addresses of k...
vendor_debian·2018·CVSS 5.5
CVE-2018-7273 [MEDIUM] CVE-2018-7273: linux - In the Linux kernel through 4.15.4, the floppy driver reveals the addresses of k...
Scope: local
bookworm: resolved (fixed in 4.15.4-1)
bullseye: resolved (fixed in 4.15.4-1)
forky: resolved (fixed in 4.15.4-1)
sid: resolved (fixed in 4.15.4-1)
trixie: resolved (fixed in 4.15.4-1)
GHSA
GHSA-749m-f23f-j6rq: In the Linux kernel through 4
ghsa_unreviewed·2022-05-14
CVE-2018-7273 [MEDIUM] CWE-200 GHSA-749m-f23f-j6rq: In the Linux kernel through 4
OSV
CVE-2018-7273: In the Linux kernel through 4
osv·2018-02-21·CVSS 5.5
CVE-2018-7273 [MEDIUM] CVE-2018-7273: In the Linux kernel through 4
No detection rules found.
Bugzilla
CVE-2018-7273 kernel: Kernel address information leak in drivers/block/floppy.c:show_floppy function potentially allowing KASLR bypass
bugzilla·2018-02-21·CVSS 5.5
CVE-2018-7273 [MEDIUM] CVE-2018-7273 kernel: Kernel address information leak in drivers/block/floppy.c:show_floppy function potentially allowing KASLR bypass
References:
https://lkml.org/lkml/2018/2/20/669
https://marc.info/?t=151916731000001&r=1&w=2
Discussion:
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 1547386]
---
Statement:
This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Li
Bugzilla
CVE-2018-7273 kernel: Kernel address information leak in drivers/block/floppy.c:show_floppy function potentially allowing KASLR bypass [fedora-all]
bugzilla·2018-02-21·CVSS 5.5
CVE-2018-7273 [MEDIUM] CVE-2018-7273 kernel: Kernel address information leak in drivers/block/floppy.c:show_floppy function potentially allowing KASLR bypass [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg
Published: 2018-02-21