CVE-2018-7755

{"id": "CVE-2018-7755", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2018-03-08T07:29:01.330", "references": [{"url": "https://access.redhat.com/errata/RHSA-2019:2029", "source": "cve@mitre.org"}, {"url": "https://access.redhat.com/errata/RHSA-2019:2043", "source": "cve@mitre.org"}, {"url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html", "source": "cve@mitre.org"}, {"url": "https://lkml.org/lkml/2018/3/7/1116", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://usn.ubuntu.com/3695-1/", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://usn.ubuntu.com/3695-2/", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://usn.ubuntu.com/3696-1/", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://usn.ubuntu.com/3696-2/", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://usn.ubuntu.com/3697-1/", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://usn.ubuntu.com/3697-2/", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://usn.ubuntu.com/3698-1/", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://usn.ubuntu.com/3698-2/", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.debian.org/security/2018/dsa-4308", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in the fd_locked_ioctl function in drivers/block/floppy.c in the Linux kernel through 4.15.7. The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM ioctl. An attacker can send the FDGETPRM ioctl and use the obtained kernel pointer to discover the location of kernel code and data and bypass kernel security protections such as KASLR."}, {"lang": "es", "value": "Se descubri\u00f3 un fallo de seguridad en la funci\u00f3n fd_locked_ioct en drivers/block/floppy.c en el kernel de Linux hasta la versi\u00f3n 4.15.7. La unidad de disquete copiar\u00e1 un puntero kernel a la memoria del usuario en respuesta a la llamada IOCTL FDGETPRM. Un atacante puede enviar la llamada IOCTL FDGETPRM y utilizar el puntero de kernel obtenido para descubrir la ubicaci\u00f3n de los datos y el c\u00f3digo del kernel y omitir medidas de seguridad de kernel como KASLR."}], "lastModified": "2018-10-04T10:29:16.687", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "87875BCC-05C4-4C72-AB6B-5FD9E4E74521", "versionEndIncluding": "4.15.7"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "vulnerable": true, "matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9070C9D8-A14A-467F-8253-33B966C16886"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}