Description
An issue was discovered in the fd_locked_ioctl function in drivers/block/floppy.c in the Linux kernel through 4.15.7. The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM ioctl. An attacker can send the FDGETPRM ioctl and use the obtained kernel pointer to discover the location of kernel code and data and bypass kernel security protections such as KASLR.
References (13)
Core 13
Core References
Third Party Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/3695-1/
Third Party Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/3696-1/
Third Party Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/3695-2/
Mailing List mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html
Third Party Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/3697-1/
Exploit, Third Party Advisory x_refsource_misc
https://lkml.org/lkml/2018/3/7/1116
Third Party Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/3697-2/
Third Party Advisory vendor-advisory
x_refsource_debian
https://www.debian.org/security/2018/dsa-4308
Third Party Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/3698-1/
Third Party Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/3696-2/
Third Party Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/3698-2/
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:2043
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:2029
Scores
CVSS v3
5.5
EPSS
0.0001
EPSS Percentile
0.4%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (6)
canonical/ubuntu_linux
12.04
canonical/ubuntu_linux
14.04
canonical/ubuntu_linux
16.04
canonical/ubuntu_linux
17.10
canonical/ubuntu_linux
18.04
linux/linux_kernel
< 4.15.7
Published
Mar 08, 2018
Tracked Since
Feb 18, 2026