Published: 21/02/2018 Updated: 01/03/2019

CVSS v2 Base Score: 4.9 | Impact Score: 6.9 | Exploitability Score: 3.9

CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8

VMScore: 495

Vector: AV:L/AC:L/Au:N/C:C/I:N/A:N

In the Linux kernel up to and including 4.15.4, the floppy driver reveals the addresses of kernel functions and global variables using printk calls within the function show_floppy in drivers/block/floppy.c. An attacker can read this information from dmesg and use the addresses to find the locations of kernel code and data and bypass kernel security protections such as KASLR.

Vulnerable Product	Search on Vulmon	Subscribe to Product
linux linux kernel

In the Linux kernel, through 4154, the floppy driver reveals the addresses of kernel functions and global variables using printk calls within the function show_floppy in drivers/block/floppyc An attacker can read this information from dmesg and use the addresses to find the locations of kernel code and data and bypass kernel security protection ...

#include <sys/typesh> #include <sys/stath> #include <fcntlh> #include <stdioh> #include <stdlibh> #include <unistdh> #include <linux/kernelh> #include <stringh> #include <sys/mmanh> #include <linux/fdh> static int drive_selector(int head) { return (head << 2); ...

CWE-200 https://lkml.org/lkml/2018/2/20/669 http://www.securityfocus.com/bid/103088 https://www.exploit-db.com/exploits/44325/https://nvd.nist.gov https://www.exploit-db.com/exploits/44325/https://access.redhat.com/security/cve/cve-2018-7273

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2018-7273

Vulnerability Summary

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect