APPLIED/X: [T/X/A/B/C] CVE-2018-7755 -- floppy ioctl FDGETPRM exposes kernel pointer
Juerg Haefliger
juerg.haefliger at canonical.com
Tue Jun 5 06:53:07 UTC 2018
Applied to xenial/master-next.
...Juerg
On 05/29/2018 03:38 PM, Andy Whitcroft wrote:
> CVE-2018-7755:
> An issue was discovered in the fd_locked_ioctl function in
> drivers/block/floppy.c in the Linux kernel through 4.15.7. The
> floppy driver will copy a kernel pointer to user memory in response
> to the FDGETPRM ioctl. An attacker can send the FDGETPRM ioctl and
> use the obtained kernel pointer to discover the location of kernel
> code and data and bypass kernel security protections such as KASLR.
>
> Ensure this pointer is not populated in the data as returned to
> userspace. Proposing for SRU to trusty, xenial, artful, bionic, and
> cosmic.
>
> -apw
>
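The leak pattern described in the quoted CVE text, and the "do not populate the pointer" mitigation, modelled in userspace C as an added example (this is not the kernel patch and not code from this thread). `struct geom_model`, its fields and every function name are hypothetical stand-ins, and `memcpy` stands in for the kernel's copy to user memory.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a driver geometry record: numeric fields
 * followed by a pointer that is only meaningful inside the kernel. */
struct geom_model {
    unsigned int size, sect, head, track;
    const char *name;               /* a kernel address in a real driver */
};

static const struct geom_model table_entry = { 2880, 18, 2, 80, "H1440" };

/* Leaky form: the whole record, pointer included, reaches the caller.
 * memcpy stands in for the kernel's copy to user memory. */
static void getprm_leaky(struct geom_model *user_buf)
{
    memcpy(user_buf, &table_entry, sizeof(table_entry));
}

/* Hardened form: stage the reply in a zeroed local and fill in only the
 * fields that precede the pointer, so it is never populated. */
static void getprm_hardened(struct geom_model *user_buf)
{
    struct geom_model out;
    memset(&out, 0, sizeof(out));
    memcpy(&out, &table_entry, offsetof(struct geom_model, name));
    memcpy(user_buf, &out, sizeof(out));
}

/* Regression check: 1 if any pointer-sized window of buf holds addr. */
static int contains_address(const void *buf, size_t len, const void *addr)
{
    const unsigned char *p = buf;
    for (size_t i = 0; i + sizeof(addr) <= len; i++)
        if (memcmp(p + i, &addr, sizeof(addr)) == 0)
            return 1;
    return 0;
}

int main(void)
{
    struct geom_model a, b;
    getprm_leaky(&a);
    getprm_hardened(&b);
    printf("leaky=%d hardened=%d\n", contains_address(&a, sizeof(a), table_entry.name),
           contains_address(&b, sizeof(b), table_entry.name));
    return 0;
}
```

The same byte scan can serve as a regression test for any reply structure that is assembled from an internal record before being handed to a less privileged caller.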