CVE-2018-7755: Infoleak
First published: Thu Mar 08 2018(Updated: )
An issue was discovered in the fd_locked_ioctl function in drivers/block/floppy.c in the Linux kernel through 4.15.7. The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM ioctl. An attacker can send the FDGETPRM ioctl and use the obtained kernel pointer to discover the location of kernel code and data and bypass kernel security protections such as KASLR.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Linux kernel | <=4.15.7 | |
| Canonical Ubuntu Linux | =12.04 | |
| Canonical Ubuntu Linux | =14.04 | |
| Canonical Ubuntu Linux | =16.04 | |
| Canonical Ubuntu Linux | =17.10 | |
| Canonical Ubuntu Linux | =18.04 | |
| debian/linux | 5.10.223-1 5.10.226-1 6.1.115-1 6.1.119-1 6.11.10-1 6.12.5-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://access.redhat.com/errata/RHSA-2019:2029
- https://access.redhat.com/errata/RHSA-2019:2043
- https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html
- https://lkml.org/lkml/2018/3/7/1116
- https://usn.ubuntu.com/3695-1/
- https://usn.ubuntu.com/3695-2/
- https://usn.ubuntu.com/3696-1/
- https://usn.ubuntu.com/3696-2/
- https://usn.ubuntu.com/3697-1/
- https://usn.ubuntu.com/3697-2/
- https://usn.ubuntu.com/3698-1/
- https://usn.ubuntu.com/3698-2/
- https://www.debian.org/security/2018/dsa-4308
- https://launchpad.net/bugs/cve/CVE-2018-7755
- https://marc.info/?l=linux-kernel&m=152046737321740&w=2
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1553217
- https://bugzilla.redhat.com/show_bug.cgi?id=1553216
- https://lkml.org/lkml/2018/5/29/495
- https://security-tracker.debian.org/tracker/CVE-2018-7755
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7755
- https://nvd.nist.gov/vuln/detail/CVE-2018-7755
- https://ubuntu.com/security/CVE-2018-7755
Frequently Asked Questions
What is CVE-2018-7755?
CVE-2018-7755 is a vulnerability that affects the Linux kernel through version 4.15.7.
How does CVE-2018-7755 affect the Linux kernel?
CVE-2018-7755 allows an attacker to copy a kernel pointer to user memory through the floppy driver's FDGETPRM ioctl.
What is the severity of CVE-2018-7755?
The severity of CVE-2018-7755 is low.
How can I fix CVE-2018-7755?
To fix CVE-2018-7755, update the Linux kernel to version 4.15.8 or later.
Where can I find more information about CVE-2018-7755?
You can find more information about CVE-2018-7755 on the following websites: [https://lkml.org/lkml/2018/3/7/1116](https://lkml.org/lkml/2018/3/7/1116), [https://marc.info/?l=linux-kernel&m=152046737321740&w=2](https://marc.info/?l=linux-kernel&m=152046737321740&w=2), [https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1553217](https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1553217).
- collector/nvd-index
- agent/type
- agent/remedy
- collector/launchpad-cve
- source/Launchpad
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2018-7755
- agent/author
- agent/severity
- agent/weakness
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/first-publish-date
- agent/tags
- collector/usn-cve
- source/Ubuntu
- agent/description
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/event
- collector/security-tracker-debian
- source/Debian
- agent/softwarecombine
- agent/trending
- vendor/linux
- canonical/linux linux kernel
- version/linux linux kernel/4.15.7
- vendor/canonical
- canonical/canonical ubuntu linux
- version/canonical ubuntu linux/12.04
- version/canonical ubuntu linux/14.04
- version/canonical ubuntu linux/16.04
- version/canonical ubuntu linux/17.10
- version/canonical ubuntu linux/18.04
- package-manager/debian