[T/X/A/B/C] CVE-2018-7755 -- floppy ioctl FDGETPRM exposes kernel pointer
Andy Whitcroft
apw at canonical.com
Tue May 29 13:38:26 UTC 2018
CVE-2018-7755:
An issue was discovered in the fd_locked_ioctl function in
drivers/block/floppy.c in the Linux kernel through 4.15.7. The
floppy driver will copy a kernel pointer to user memory in response
to the FDGETPRM ioctl. An attacker can send the FDGETPRM ioctl and
use the obtained kernel pointer to discover the location of kernel
code and data and bypass kernel security protections such as KASLR.
Ensure this pointer is not populated in the data as returned to
userspace. Proposing for SRU to trusty, xenial, artful, bionic, and
cosmic.
-apw
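A userspace model of the defect and of the fix being proposed, added here as an illustration and not code from drivers/block/floppy.c or from the SRU patch itself. It assumes a struct laid out like `struct floppy_struct` from `<linux/fd.h>` (whose last member, `name`, points at a string inside the kernel image) and uses sample geometry values modelled on the predefined H1440 format; `memcpy` stands in for the copy to user memory.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Mirrors the member order of struct floppy_struct; the name pointer is a
 * kernel address when the struct lives in a kernel table (assumed model). */
struct floppy_geometry {
    unsigned int size, sect, head, track, stretch;
    unsigned char gap, rate, spec1, fmt_gap;
    const char *name;   /* the field that leaked a kernel pointer */
};

/* Stand-in for a predefined format table entry in "kernel" memory
 * (constructed sample values modelled on the H1440 format). */
static const struct floppy_geometry predefined_hd = {
    2880, 18, 2, 80, 0, 0x1B, 0x00, 0xCF, 0x6C, "H1440"
};

/* Vulnerable pattern: the table entry is handed whole to the copy-out path,
 * so the name pointer, and with it a kernel address, reaches the caller. */
void fdgetprm_vulnerable(struct floppy_geometry *user_out)
{
    memcpy(user_out, &predefined_hd, sizeof *user_out);
}

/* Fixed pattern: stage the entry in a local copy and clear the pointer, so
 * the pointer is not populated in the data returned to userspace. */
void fdgetprm_fixed(struct floppy_geometry *user_out)
{
    struct floppy_geometry tmp;
    memcpy(&tmp, &predefined_hd, sizeof tmp);
    tmp.name = NULL;                       /* never expose a kernel pointer */
    memcpy(user_out, &tmp, sizeof *user_out);
}

/* Regression-style checks: 1 if the copied-out data still carries a pointer. */
int vulnerable_leaks(void)
{
    struct floppy_geometry out;
    fdgetprm_vulnerable(&out);
    return out.name != NULL;
}

int fixed_leaks(void)
{
    struct floppy_geometry out;
    fdgetprm_fixed(&out);
    return out.name != NULL || out.size != predefined_hd.size;
}

int main(void)
{
    printf("vulnerable copy leaks pointer: %d\n", vulnerable_leaks());
    printf("fixed copy leaks pointer:      %d\n", fixed_leaks());
    return 0;
}
```

`fixed_leaks()` also confirms the geometry fields still arrive intact, since the fix must change only the pointer, not the data userspace legitimately needs.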