Note:
This project will be discontinued after December 13, 2021. [more]
2018-02-20
In the Linux kernel through 4.15.4, the floppy driver reveals the addresses of kernel functions and global variables using printk calls within the function show_floppy in drivers/block/floppy.c. An attacker can read this information from dmesg and use the addresses to find the locations of kernel code and data and bypass kernel security protections such as KASLR.
Products | Linux_kernel |
Type | Information Exposure (CWE-200) |
First patch | - None (likely due to unavailable code) |
Links |
• https://lkml.org/lkml/2018/2/20/669
• https://www.exploit-db.com/exploits/44325/ • http://www.securityfocus.com/bid/103088 |