CVE-2018-7273

MEDIUM

Linux Kernel < 4.15.4 - Information Disclosure

Title source: rule

Description

In the Linux kernel through 4.15.4, the floppy driver reveals the addresses of kernel functions and global variables using printk calls within the function show_floppy in drivers/block/floppy.c. An attacker can read this information from dmesg and use the addresses to find the locations of kernel code and data and bypass kernel security protections such as KASLR.

Exploits (2)

exploitdb WORKING POC

by Gregory Draperi · clocallinux

https://www.exploit-db.com/exploits/44325

View Code ZIP pw:eip

nomisec WORKING POC

by jedai47 · poc

https://github.com/jedai47/CVE-2018-7273

View Code ZIP pw:eip

References (3)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/103088

[Mailing List, Third Party Advisory] https://lkml.org/lkml/2018/2/20/669

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/44325/

Scores

CVSS v3 5.5

EPSS 0.0168

EPSS Percentile 82.2%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-200

Status published

Products (1)

linux/linux_kernel < 4.15.4

Published Feb 21, 2018

Tracked Since Feb 18, 2026