VDB

CVE-2018-7273

CVE-2018-7273 PUBLISHED

In the Linux kernel through 4.15.4, the floppy driver reveals the addresses of kernel functions and global variables using printk calls within the function show_floppy in drivers/block/floppy.c. An attacker can read this information from dmesg and use the addresses to find the locations of kernel code and data and bypass kernel security protections such as KASLR.

EPSS 1.68% · 82.6th percentile

Risk Scores

EPSS Score
1.68%
82.6th percentile

Affected Products

VendorProductVersions
Ubuntu:16.04:LTSlinux-hwe0, *, *
Ubuntu:16.04:LTSlinux-azure4.11.0-1009.9, 4.11.0-1011.11, 4.11.0-1014.14
Ubuntu:Pro:16.04:LTSlinux4.4.0-103.126, 4.4.0-104.127, 4.4.0-108.131
Ubuntu:16.04:LTSlinux-gcp4.13.0-1019.23, 4.13.0-1015.19, 0
Ubuntu:Pro:14.04:LTSlinux-lts-xenial*, *, *
Ubuntu:Pro:14.04:LTSlinux3.13.0-71.114, 0, 3.11.0-12.19
Ubuntu:Pro:14.04:LTSlinux-aws4.4.0-1082.86, 4.4.0-1075.79, 0
Ubuntu:Pro:16.04:LTSlinux-kvm4.4.0-1023.28, 0, 4.4.0-1004.9
Ubuntu:Pro:16.04:LTSlinux-aws4.4.0-1062.71, 4.4.0-1057.66, 4.4.0-1055.64
Ubuntu:18.04:LTSlinux-snapdragon0, 4.4.0-1081.86, 4.4.0-1079.84

Exploit Intelligence

…and 6 more exploits

Timeline

  • Feb 21, 2018 CVE Published
  • Mar 22, 2018 PoC Published
  • Apr 14, 2021 EPSS Score
  • Jun 23, 2021 EPSS Score
  • Oct 26, 2021 EPSS Score
  • Dec 27, 2021 EPSS Score
  • Feb 4, 2022 EPSS Score
  • May 2, 2022 EPSS Score
  • Jul 3, 2022 EPSS Score
  • Sep 5, 2022 EPSS Score
  • Nov 6, 2022 EPSS Score
  • Mar 7, 2023 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›