CVE-2018-7273
Linux Kernel < 4.15.4 - 'show_floppy' KASLR Address Leak
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
-Decision
Descriptions
In the Linux kernel through 4.15.4, the floppy driver reveals the addresses of kernel functions and global variables using printk calls within the function show_floppy in drivers/block/floppy.c. An attacker can read this information from dmesg and use the addresses to find the locations of kernel code and data and bypass kernel security protections such as KASLR.
En el kernel de Linux hasta la versión 4.15.4, el controlador del disquete revela las direcciones de las funciones del kernel y las variables globales empleando llamadas printk en la función show_floppy en drivers/block/floppy.c. Un atacante puede leer esta información de dmesg y emplear las direcciones para encontrar las localizaciones del código y los datos del kernel y omitir las protecciones de seguridad como KASLR.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-02-20 CVE Reserved
- 2018-02-21 CVE Published
- 2023-04-07 First Exploit
- 2024-08-05 CVE Updated
- 2024-08-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (4)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/103088 | Third Party Advisory | |
https://lkml.org/lkml/2018/2/20/669 | Mailing List |
URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/44325 | 2024-08-05 | |
https://github.com/jedai47/CVE-2018-7273 | 2023-04-07 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | <= 4.15.4 Search vendor "Linux" for product "Linux Kernel" and version " <= 4.15.4" | - |
Affected
|