Bugzilla – Bug 1081972
VUL-1: CVE-2018-7273 kernel: Kernel address information leak in drivers/block/floppy.c:show_floppy function
Last modified: 2020-06-29 06:32:37 UTC
In the Linux kernel through 4.15.4, the floppy driver reveals the addresses of
kernel functions and global variables using printk calls within the function
show_floppy in drivers/block/floppy.c. An attacker can read this information
from dmesg and use the addresses to find the locations of kernel code and data
and bypass kernel security protections such as KASLR.
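As an added example (not part of this bug report or of the kernel source), the following scans captured kernel log lines for raw kernel-range values of the kind described above and masks them. It assumes the x86_64 address layout; the sample lines are constructed and do not reproduce the driver's actual output.

```python
import re

# Assumption: x86_64 layout. Canonical upper-half (kernel) addresses start at
# KERNEL_HALF; the top 2 GiB holds the kernel image and modules, which is the
# region KASLR randomizes.
KERNEL_HALF = 0xFFFF800000000000
TEXT_REGION = 0xFFFFFFFF80000000

# A 16-digit hex value, optionally 0x-prefixed, not part of a longer hex run.
HEX64 = re.compile(r"(?<![0-9a-fA-F])(?:0x)?([0-9a-fA-F]{16})(?![0-9a-fA-F])")

def find_kernel_addresses(lines):
    """Return (line_no, value, region) for each raw kernel-range value."""
    hits = []
    for no, line in enumerate(lines, 1):
        for m in HEX64.finditer(line):
            value = int(m.group(1), 16)
            if value >= TEXT_REGION:
                hits.append((no, value, "image/modules"))
            elif value >= KERNEL_HALF:
                hits.append((no, value, "kernel data"))
    return hits

def redact(line):
    """Mask kernel-range values so a log can be shared without the addresses."""
    def mask(m):
        return "<kaddr>" if int(m.group(1), 16) >= KERNEL_HALF else m.group(0)
    return HEX64.sub(mask, line)

# Constructed sample lines (field names and values are illustrative only).
SAMPLE = [
    "[   12.345678] floppy0: timer_function=ffffffffa01c3d40",
    "[   12.345690] floppy0: buffer=ffff8881f2a4c000 status=0x80",
    "[   12.345701] floppy0: handler=00000000c09f1a2b",  # low value, not flagged
    "[   12.345712] usb 1-1: new high-speed USB device number 2",
]

if __name__ == "__main__":
    for no, value, region in find_kernel_addresses(SAMPLE):
        print(f"line {no}: {value:#018x} ({region})")
    print(redact(SAMPLE[0]))
```
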
Let's assign to the upstream floppy driver maintainer :)
It's the kernel address printing and in general no issue for our SLE kernels, so far.
Reassigned back to security team.
We are currently not planning to release this as bugfix update, as our kernels are still using known addresses.
Future SUSE versions will contain this fix.