CVSS3: 5.5 Medium

Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | LOW |
Privileges Required | LOW |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | NONE |
Availability Impact | NONE |

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS2: 2.1 Low

Metric | Value |
---|---|
Access Vector | LOCAL |
Access Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | NONE |
Availability Impact | NONE |

AV:L/AC:L/Au:N/C:P/I:N/A:N

EPSS: 0.001 Low (Percentile: 30.7%)

An issue was discovered in the fd_locked_ioctl function in
drivers/block/floppy.c in the Linux kernel through 4.15.7. The floppy
driver will copy a kernel pointer to user memory in response to the
FDGETPRM ioctl. An attacker can send the FDGETPRM ioctl and use the
obtained kernel pointer to discover the location of kernel code and data
and bypass kernel security protections such as KASLR.
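
The pattern behind this leak, as an added user-space model that is not code from the kernel or from the patch referenced on this page: a struct holding an internal pointer is copied out whole, next to one way of building the reply so the pointer never leaves. The struct layout, the sample values, `model_copy_to_user` and both `getprm_*` functions are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Simplified user-space model of the driver's parameter struct (assumed layout). */
struct floppy_params {
    unsigned int size, sect, head, track, stretch;
    unsigned char gap, rate, spec1, fmt_gap;
    const char *name;            /* in the kernel this points at kernel memory */
};

/* Constructed sample data standing in for one entry of the driver's table. */
static const char kernel_name[] = "H1440";
static const struct floppy_params sample = {
    2880, 18, 2, 80, 0, 0x1B, 0x00, 0xCF, 0x6C, kernel_name
};

/* Stand-in for copy_to_user(); in this model it is a plain memcpy. */
static void model_copy_to_user(void *dst, const void *src, size_t n)
{
    memcpy(dst, src, n);
}

/* Leaky pattern: the whole struct, pointer included, reaches the caller. */
void getprm_leaky(const struct floppy_params *k, struct floppy_params *out)
{
    model_copy_to_user(out, k, sizeof(*k));
}

/* Scrubbed pattern: build the reply in zeroed storage and clear the pointer. */
void getprm_scrubbed(const struct floppy_params *k, struct floppy_params *out)
{
    struct floppy_params tmp;
    memset(&tmp, 0, sizeof(tmp));    /* no stale stack bytes in the reply */
    tmp.size = k->size; tmp.sect = k->sect; tmp.head = k->head;
    tmp.track = k->track; tmp.stretch = k->stretch; tmp.gap = k->gap;
    tmp.rate = k->rate; tmp.spec1 = k->spec1; tmp.fmt_gap = k->fmt_gap;
    tmp.name = NULL;                 /* the address never leaves this function */
    model_copy_to_user(out, &tmp, sizeof(tmp));
}

int main(void)
{
    struct floppy_params a, b;
    getprm_leaky(&sample, &a);
    getprm_scrubbed(&sample, &b);
    printf("leaky=%p scrubbed=%p\n", (const void *)a.name, (const void *)b.name);
    return 0;
}
```

The geometry fields are identical in both replies; only the pointer field differs, which is the part a caller has no use for.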
Author | Note |
---|---|
sbeattie | drivers/block/floppy.c::fd_locked_ioctl() |
apw | the above patch mirrors the modifications from the compat path though leaving the name as per the user. Not progressing upstream. |
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | linux-aws | < 4.15.0-1011.11 | UNKNOWN |
ubuntu | 14.04 | noarch | linux-aws | < 4.4.0-1024.25 | UNKNOWN |
ubuntu | 16.04 | noarch | linux-aws | < 4.4.0-1062.71 | UNKNOWN |
ubuntu | 18.04 | noarch | linux-azure | < 4.15.0-1014.14 | UNKNOWN |
ubuntu | 16.04 | noarch | linux-azure | < 4.15.0-1014.14~16.04.1 | UNKNOWN |
ubuntu | 16.04 | noarch | linux-azure-edge | < 4.15.0-1014.14 | UNKNOWN |
ubuntu | 18.04 | noarch | linux-gcp | < 4.15.0-1010.10 | UNKNOWN |
ubuntu | 16.04 | noarch | linux-gcp | < 4.15.0-1014.14~16.04.1 | UNKNOWN |
ubuntu | 16.04 | noarch | linux-hwe | < 4.15.0-24.26~16.04.1 | UNKNOWN |
ubuntu | 16.04 | noarch | linux-hwe-edge | < 4.15.0-24.26~16.04.1 | UNKNOWN |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7755
launchpad.net/bugs/cve/CVE-2018-7755
lkml.org/lkml/2018/3/7/1116
nvd.nist.gov/vuln/detail/CVE-2018-7755
security-tracker.debian.org/tracker/CVE-2018-7755
ubuntu.com/security/notices/USN-3695-1
ubuntu.com/security/notices/USN-3695-2
ubuntu.com/security/notices/USN-3696-1
ubuntu.com/security/notices/USN-3696-2
ubuntu.com/security/notices/USN-3697-1
ubuntu.com/security/notices/USN-3697-2
ubuntu.com/security/notices/USN-3698-1
ubuntu.com/security/notices/USN-3698-2