[PATCH 0/1] [SRU xenial/linux] CVE-2018-7273

Tim Gardner tim.gardner at canonical.com
Wed Feb 24 20:01:00 UTC 2021


[Impact]
In the Linux kernel through 4.15.4, the floppy driver reveals the addresses of
kernel functions and global variables using printk calls within the function
show_floppy in drivers/block/floppy.c. An attacker can read this information
from dmesg and use the addresses to find the locations of kernel code and data
and bypass kernel security protections such as KASLR.

Canonical kernel team: According to the commit log there are thousands of call
sites using '%p', each of which could expose internal memory addresses. The
upstream solution was to hash all addresses printed using an unadorned '%p'.
This issue appears to be much broader than just the floppy disk driver.

[Test Case]
Boot tested on bare metal.

[Potential regression]
Simple backport. This patch was introduced in v4.15.
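
One way to check a boot log after this backport, added here as an example and not part of the original submission: scan dmesg text for 16-digit hex tokens and separate values that look like raw kernel addresses from values consistent with hashed '%p' output. It assumes x86_64, where kernel virtual addresses lie in the canonical upper half, and that a hashed '%p' prints as a 32-bit identifier zero-padded to 16 hex digits; the log lines and the `example_drv` name are constructed.

```python
import re

# 16 hex digits, optionally 0x-prefixed: the width of a pointer on 64-bit.
PTR_RE = re.compile(r"\b(?:0x)?([0-9a-fA-F]{16})\b")

# Assumption: x86_64. Kernel virtual addresses are in the canonical upper half.
KERNEL_HALF_START = 0xFFFF800000000000

# Constructed sample lines (not real floppy driver output).
SAMPLE_DMESG = [
    "[    1.000001] example_drv: state ok, jiffies=4294893000",
    "[    1.000002] example_drv: handler=ffffffff81a2b3c4",
    "[    1.000003] example_drv: handler=00000000c09e5d3a",
    "[    1.000004] example_drv: buf=0xffff880012345000 len=512",
]


def classify(token):
    """Classify one 16-digit hex token from a log line."""
    value = int(token, 16)
    if value >= KERNEL_HALF_START:
        return "raw"      # looks like an unhashed kernel address
    if value != 0 and value >> 32 == 0:
        return "hashed"   # upper 32 bits clear: consistent with hashed %p
    return "other"


def audit(lines):
    """Return raw-address findings as (line number, token) and a hashed count."""
    result = {"raw": [], "hashed": 0}
    for lineno, line in enumerate(lines, 1):
        for match in PTR_RE.finditer(line):
            token = match.group(1).lower()
            kind = classify(token)
            if kind == "raw":
                result["raw"].append((lineno, token))
            elif kind == "hashed":
                result["hashed"] += 1
    return result


if __name__ == "__main__":
    report = audit(SAMPLE_DMESG)
    for lineno, token in report["raw"]:
        print(f"line {lineno}: possible kernel address {token}")
    print(f"tokens consistent with hashed %p: {report['hashed']}")
```

A hit is a lead for review rather than proof of a leak, since some call sites print raw addresses on purpose.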



