Message ID: 20210224200101.9835-1-tim.gardner@canonical.com
Series: CVE-2018-7273
On 24.02.21 21:01, Tim Gardner wrote:
> [Impact]
> In the Linux kernel through 4.15.4, the floppy driver reveals the addresses of
> kernel functions and global variables using printk calls within the function
> show_floppy in drivers/block/floppy.c. An attacker can read this information
> from dmesg and use the addresses to find the locations of kernel code and data
> and bypass kernel security protections such as KASLR.
>
> Canonical kernel team: According to the commit log there are thousands of call
> sites using '%p', each of which could expose internal memory addresses. The
> upstream solution was to hash all addresses printed using an unadorned '%p'.
> This issue appears to be much broader than just the floppy disk driver.
>
> [Test Case]
> Boot tested on bare metal.
>
> [Potential regression]
> Simple backport. This patch was introduced in v4.15.
>

Xenial has EOL'ed and we won't be applying further patches from this mailing-list.

Thanks,
Kleber
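The quoted message describes the distinction that matters for a kernel built before and after the '%p' hashing change: an unhashed '%p' prints the real kernel virtual address, while the hashed form prints a 32-bit hash zero-padded to pointer width. The following script is an added example, not part of this thread or of the Ubuntu kernel tree, that checks a dmesg capture for raw x86_64 kernel addresses so an administrator can confirm whether a running kernel still leaks them. It assumes the x86_64 address layout (kernel addresses have the top 16 bits set) and the 64-bit hashed-pointer format of a 4.15+ kernel; the sample log lines are constructed, not taken from any real system.

```python
import re
import sys

# Constructed sample in dmesg format (not from the original thread).
# Lines 1-2 mimic what an unhashed '%p' prints on x86_64: raw kernel
# virtual addresses (direct map 0xffff8..., kernel text 0xffffffff8...).
# Line 3 mimics a hashed '%p' on a 64-bit kernel (32-bit hash, zero-padded
# to 16 hex digits), line 4 the placeholder printed before the hash key is
# initialised, line 5 a number that is not a pointer at all.
SAMPLE_DMESG = """\
[    3.201114] floppy0: current_req=ffff88003d3c8e00 (constructed sample)
[    3.201120] floppy0: do_floppy=ffffffff81c9a0f0 (constructed sample)
[    3.201125] usb 1-1: urb=00000000c4f1a2b3 (constructed sample)
[    0.000000] some_driver: state=(____ptrval____) (constructed sample)
[    1.000000] sd 0:0:0:0: [sda] 488397168 512-byte logical blocks
"""

# A run of exactly 16 hex digits (optionally 0x-prefixed), delimited by
# non-hex characters, is a candidate 64-bit pointer.
_CANDIDATE = re.compile(r'(?<![0-9a-fA-F])(?:0x)?([0-9a-f]{16})(?![0-9a-fA-F])')


def classify_pointer(hexdigits):
    """Classify a 16-hex-digit token printed by the kernel.

    'raw-kernel' : top 16 bits all set, i.e. an x86_64 kernel virtual
                   address, which is what an unhashed '%p' reveals.
    'hashed'     : top 32 bits zero, i.e. the zero-padded 32-bit hash that
                   the 4.15+ '%p' hashing prints on 64-bit kernels.
    'other'      : anything else (user-space pointers, counters, ids).
    """
    value = int(hexdigits, 16)
    if value >> 48 == 0xffff:
        return 'raw-kernel'
    if value >> 32 == 0:
        return 'hashed'
    return 'other'


def find_raw_kernel_pointers(text):
    """Return (line_number, token) pairs for every raw kernel address found."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in _CANDIDATE.finditer(line):
            if classify_pointer(match.group(1)) == 'raw-kernel':
                hits.append((lineno, match.group(1)))
    return hits


if __name__ == '__main__':
    # With '-' as the only argument, read a real capture from stdin
    # (e.g.  dmesg | python3 this_script.py -); otherwise use the sample.
    data = sys.stdin.read() if sys.argv[1:] == ['-'] else SAMPLE_DMESG
    for lineno, addr in find_raw_kernel_pointers(data):
        print(f'line {lineno}: raw kernel address {addr}')
```

On the constructed sample only the two floppy lines are reported; the hashed urb value and the pre-key placeholder are ignored. The check is deliberately limited to the x86_64 kernel range, so it will not flag raw user-space pointers or addresses printed by a kernel on another architecture without adjusting classify_pointer.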