Linux · Linux Kernel · CVE-2018-7755
**Name of the Vulnerable Software and Affected Versions**
Linux kernel versions prior to 4.15.8
**Description**
The issue is in the `fd_locked_ioctl` function of the Linux kernel's floppy driver. An attacker who sends the `FDGETPRM` ioctl obtains a kernel pointer, which can be used to discover the location of kernel code and data and potentially bypass kernel security protections such as KASLR. This could lead to the disclosure of protected information.
**Recommendations**
For Linux kernel versions prior to 4.15.8, update to version 4.15.8 or later to resolve the issue. As a temporary workaround, consider disabling the floppy driver to minimize the risk of exploitation. Restrict access to the `fd_locked_ioctl` function in the floppy driver to prevent potential attacks. Avoid using the `FDGETPRM` ioctl until the issue is resolved.
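
The two checks behind these recommendations (is the kernel older than 4.15.8, and is the floppy driver active) can be scripted for a host inventory. The following is an added example, not part of the original advisory; the function names and verdict strings are illustrative, and the version comparison is a heuristic because distribution kernels may carry a backported fix under an older version number.

```shell
#!/bin/sh
# Added example (not from the advisory): heuristic exposure check for CVE-2018-7755.
# Assumption: "affected" means an upstream version below 4.15.8, as the advisory states.
# Confirm any "affected" result against your vendor's advisory (backports).

# kernel_is_affected RELEASE: true when RELEASE (uname -r format) is below 4.15.8.
kernel_is_affected() {
    ver=${1%%[!0-9.]*}              # "4.15.0-20-generic" -> "4.15.0"
    old_ifs=$IFS; IFS=.
    set -- $ver                     # split into major / minor / patch
    IFS=$old_ifs
    maj=${1:-0}; min=${2:-0}; pat=${3:-0}
    if [ "$maj" -ne 4 ]; then [ "$maj" -lt 4 ]; return; fi
    if [ "$min" -ne 15 ]; then [ "$min" -lt 15 ]; return; fi
    [ "$pat" -lt 8 ]
}

# floppy_state MODULES BUILTIN: print loaded, builtin or absent.
# MODULES is in /proc/modules format, BUILTIN in modules.builtin format.
floppy_state() {
    if grep -q '^floppy ' "$1" 2>/dev/null; then echo loaded
    elif grep -q '/floppy\.ko$' "$2" 2>/dev/null; then echo builtin
    else echo absent
    fi
}

# assess RELEASE MODULES BUILTIN: print one verdict line for the host.
assess() {
    state=$(floppy_state "$2" "$3")
    if ! kernel_is_affected "$1"; then
        echo "NOT_AFFECTED"
    elif [ "$state" = absent ]; then
        # Driver is neither loaded nor built in; it may still load on demand.
        echo "AFFECTED_DRIVER_NOT_ACTIVE"
    else
        echo "EXPOSED:$state"
    fi
}

# Run against the local host.
rel=$(uname -r)
assess "$rel" /proc/modules "/lib/modules/$rel/modules.builtin"
```

On a host without floppy hardware that reports `EXPOSED:loaded`, unloading the module and adding `blacklist floppy` to a file under `/etc/modprobe.d/` implements the temporary workaround until the kernel is updated. A `builtin` result cannot be worked around this way and needs the updated kernel.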