CVE-2018-7755Sensitive Information Exposure in Linux

CWE-200Sensitive Information Exposure26 documents8 sources
Severity
5.5MEDIUMNVD
OSV7.8OSV7.1
EPSS
0.0%
top 99.64%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Linux KernelDebian LinuxCanonical Ubuntu Linux
Timeline
PublishedMar 8
Latest updateMay 14

Description

An issue was discovered in the fd_locked_ioctl function in drivers/block/floppy.c in the Linux kernel through 4.15.7. The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM ioctl. An attacker can send the FDGETPRM ioctl and use the obtained kernel pointer to discover the location of kernel code and data and bypass kernel security protections such as KASLR.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

Debianlinux/linux_kernel< 4.18.10-1+3
Ubuntulinux/linux_kernel< 3.13.0-153.203+3
NVDlinux/linux_kernel4.15.7
debiandebian/linux< linux 4.18.10-1 (bookworm)

Also affects: Ubuntu Linux 12.04, 14.04, 16.04, 17.10, 18.04

🔴Vulnerability Details

11
GHSA
GHSA-446x-f9hh-hqmm: An issue was discovered in the fd_locked_ioctl function in drivers/block/floppy2022-05-14
Kernel
floppy: Do not copy a kernel pointer to user memory in FDGETPRM ioctl2018-09-20
OSV
linux-hwe, linux-azure, linux-gcp regression2018-07-21
OSV
linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-oem regression2018-07-21
OSV
linux-hwe, linux-azure vulnerabilities2018-07-02

📋Vendor Advisories

12
Ubuntu
Linux kernel regression2018-07-21
Ubuntu
Linux kernel (HWE) regression2018-07-21
Ubuntu
Linux kernel vulnerabilities2018-07-02
Ubuntu
Linux kernel vulnerabilities2018-07-02
Ubuntu
Linux kernel (Xenial HWE) vulnerabilities2018-07-02

💬Community

2
Bugzilla
CVE-2018-7755 kernel: Information exposure in fd_locked_ioctl function in drivers/block/floppy.c2018-03-08
Bugzilla
CVE-2018-7755 kernel: Information exposure in fd_locked_ioctl function in drivers/block/floppy.c [fedora-all]2018-03-08