[T/X/A/B/C] CVE-2018-7755 -- floppy ioctl FDGETPRM exposes kernel pointer

Andy Whitcroft apw at canonical.com
Tue May 29 13:38:26 UTC 2018

	An issue was discovered in the fd_locked_ioctl function in
	drivers/block/floppy.c in the Linux kernel through 4.15.7. The
	floppy driver will copy a kernel pointer to user memory in response
	to the FDGETPRM ioctl. An attacker can send the FDGETPRM ioctl and
	use the obtained kernel pointer to discover the location of kernel
	code and data and bypass kernel security protections such as KASLR.

Ensure this pointer is not populated in the data as returned to
userspace.  Proposing for SRU to trusty, xenial, artful, bionic, and


More information about the kernel-team mailing list