CVE-2018-7755

An issue was discovered in the fd_locked_ioctl function in drivers/block/floppy.c in the Linux kernel through 4.15.7. The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM ioctl. An attacker can send the FDGETPRM ioctl and use the obtained kernel pointer to discover the location of kernel code and data and bypass kernel security protections such as KASLR.
Configurations

Configuration 1 (hide)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

History

21 Nov 2024, 04:12

Type Values Removed Values Added
References () https://access.redhat.com/errata/RHSA-2019:2029 - () https://access.redhat.com/errata/RHSA-2019:2029 -
References () https://access.redhat.com/errata/RHSA-2019:2043 - () https://access.redhat.com/errata/RHSA-2019:2043 -
References () https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html - () https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html -
References () https://lkml.org/lkml/2018/3/7/1116 - Exploit, Third Party Advisory () https://lkml.org/lkml/2018/3/7/1116 - Exploit, Third Party Advisory
References () https://usn.ubuntu.com/3695-1/ - Third Party Advisory () https://usn.ubuntu.com/3695-1/ - Third Party Advisory
References () https://usn.ubuntu.com/3695-2/ - Third Party Advisory () https://usn.ubuntu.com/3695-2/ - Third Party Advisory
References () https://usn.ubuntu.com/3696-1/ - Third Party Advisory () https://usn.ubuntu.com/3696-1/ - Third Party Advisory
References () https://usn.ubuntu.com/3696-2/ - Third Party Advisory () https://usn.ubuntu.com/3696-2/ - Third Party Advisory
References () https://usn.ubuntu.com/3697-1/ - Third Party Advisory () https://usn.ubuntu.com/3697-1/ - Third Party Advisory
References () https://usn.ubuntu.com/3697-2/ - Third Party Advisory () https://usn.ubuntu.com/3697-2/ - Third Party Advisory
References () https://usn.ubuntu.com/3698-1/ - Third Party Advisory () https://usn.ubuntu.com/3698-1/ - Third Party Advisory
References () https://usn.ubuntu.com/3698-2/ - Third Party Advisory () https://usn.ubuntu.com/3698-2/ - Third Party Advisory
References () https://www.debian.org/security/2018/dsa-4308 - () https://www.debian.org/security/2018/dsa-4308 -

Information

Published : 2018-03-08 07:29

Updated : 2024-11-21 04:12


NVD link : CVE-2018-7755

Mitre link : CVE-2018-7755

CVE.ORG link : CVE-2018-7755


JSON object : View

Products Affected

canonical

  • ubuntu_linux

linux

  • linux_kernel
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor