Vulnerability CVE-2018-7755: Information

Description

An issue was discovered in the fd_locked_ioctl function in drivers/block/floppy.c in the Linux kernel through 4.15.7. The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM ioctl. An attacker can send the FDGETPRM ioctl and use the obtained kernel pointer to discover the location of kernel code and data and bypass kernel security protections such as KASLR.

Severity: MEDIUM (5.5) Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

URL: https://nvd.nist.gov/vuln/detail/CVE-2018-7755
Published: March 8, 2018
Modified: Oct. 4, 2018
Error type identifier: CWE-200

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
kernel-image-std-defsisyphus4.14.76-alt16.1.87-alt1ALT-PU-2018-2502-1214987Fixed
kernel-image-std-defp104.14.76-alt15.10.213-alt1ALT-PU-2018-2502-1214987Fixed
kernel-image-std-defp94.14.76-alt15.4.274-alt1ALT-PU-2018-2502-1214987Fixed
kernel-image-std-defp84.9.131-alt0.M80P.14.9.337-alt0.M80P.1ALT-PU-2018-2441-1214064Fixed
kernel-image-std-defc9f24.14.76-alt15.10.214-alt0.c9f.2ALT-PU-2018-2502-1214987Fixed
kernel-image-std-defc74.4.183-alt0.M70C.14.4.277-alt0.M70C.1ALT-PU-2019-2175-1233233Fixed
kernel-image-std-paec9f24.4.161-alt14.19.72-alt1ALT-PU-2018-2492-1214991Fixed
kernel-image-un-defsisyphus4.16.0-alt16.6.28-alt1ALT-PU-2018-1557-1203434Fixed
kernel-image-un-defp104.16.0-alt16.1.85-alt1ALT-PU-2018-1557-1203434Fixed
kernel-image-un-defp94.16.0-alt15.10.215-alt1ALT-PU-2018-1557-1203434Fixed
kernel-image-un-defp84.14.74-alt0.M80P.14.19.310-alt0.M80P.1ALT-PU-2018-2438-1214063Fixed
kernel-image-un-defc10f14.16.0-alt16.1.85-alt0.c10f.1ALT-PU-2018-1557-1203434Fixed
kernel-image-un-defc9f24.16.0-alt15.10.29-alt2ALT-PU-2018-1557-1203434Fixed
kernel-image-un-defc74.9.277-alt0.M70C.14.9.277-alt0.M70C.1ALT-PU-2021-3032-1281292Fixed
usbipsisyphus5.10-alt15.10-alt1ALT-PU-2023-1798-1320453Fixed
usbipsisyphus_e2k5.10-alt15.10-alt1ALT-PU-2023-7452-1-Fixed
usbipp105.10-alt15.10-alt1ALT-PU-2023-1903-1320461Fixed
usbipp10_e2k5.10-alt15.10-alt1ALT-PU-2023-7498-1-Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://lkml.org/lkml/2018/3/7/1116
  • Exploit
  • Third Party Advisory
USN-3698-2
  • Third Party Advisory
USN-3697-2
  • Third Party Advisory
USN-3697-1
  • Third Party Advisory
USN-3696-2
  • Third Party Advisory
USN-3696-1
  • Third Party Advisory
USN-3695-2
  • Third Party Advisory
USN-3695-1
  • Third Party Advisory
USN-3698-1
  • Third Party Advisory
DSA-4308
    [debian-lts-announce] 20181003 [SECURITY] [DLA 1531-1] linux-4.9 security update
      RHSA-2019:2043
        RHSA-2019:2029

            1. Configuration 1

              cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
              End including
              4.15.7

              Configuration 2

              cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
              cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
              cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
              cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*
              cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
          VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
          Version: v24.4.2
          Back to top