CVE-2018-7273 -- linux-imageID: oval:org.secpod.oval:def:2000225 | Date: (C)2019-04-22 (M)2021-06-02 |
Class: VULNERABILITY | Family: unix |
In the Linux kernel through 4.15.4, the floppy driver reveals the addresses of kernel functions and global variables using printk calls within the function show_floppy in drivers/block/floppy.c. An attacker can read this information from dmesg and use the addresses to find the locations of kernel code and data and bypass kernel security protections such as KASLR.
Platform: |
Debian 8.x |
Debian 9.x |
Product: |
linux-image-4.9 |
linux-image-3.16 |