An issue was discovered in the Linux kernel 3.16 through 5.5.6. set_fdc in drivers/block/floppy.c leads to a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before assigning it, aka CID-2e90ca68b0d2.

Metrics

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact Partial

AV:L/AC:L/Au:N/C:P/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Canonical
  • Ubuntu Linux
Debian
  • Debian Linux
Linux
  • Linux Kernel
Netapp
  • Active Iq Unified Manager
  • Cloud Backup
  • Data Availability Services
  • H410c
  • H410c Firmware
  • Hci Management Node
  • Solidfire
  • Solidfire Baseboard Management Controller
  • Solidfire Baseboard Management Controller Firmware
  • Steelstore Cloud Integrated Storage
Opensuse
  • Leap
Redhat
  • Enterprise Linux
  • Rhel Extras Rt

Configuration 1 [-]

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration 3 [-]

cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

Configuration 4 [-]

OR cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*

Configuration 5 [-]

OR cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:data_availability_services:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND
cpe:2.3:h:netapp:solidfire_baseboard_management_controller:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:solidfire_baseboard_management_controller_firmware:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND
cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*
Package CPE Advisory Released Date
Red Hat Enterprise Linux 7
kernel-rt-0:3.10.0-1160.rt56.1131.el7 cpe:/a:redhat:rhel_extras_rt:7 RHSA-2020:4062 2020-09-29T00:00:00Z
kernel-alt-0:4.14.0-115.21.2.el7a cpe:/o:redhat:enterprise_linux:7 RHSA-2020:2104 2020-05-12T00:00:00Z
kernel-0:3.10.0-1160.el7 cpe:/o:redhat:enterprise_linux:7 RHSA-2020:4060 2020-09-29T00:00:00Z
References
Link Providers
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00039.html cve-icon cve-icon
https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=2f9ac30a54dc0181ddac3705cdcf4775d863c530 cve-icon cve-icon
https://github.com/torvalds/linux/commit/2e90ca68b0d2f5548804f22f0dd61145516171e3 cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2020-9383 cve-icon
https://security.netapp.com/advisory/ntap-20200313-0003/ cve-icon cve-icon
https://usn.ubuntu.com/4342-1/ cve-icon cve-icon
https://usn.ubuntu.com/4344-1/ cve-icon cve-icon
https://usn.ubuntu.com/4345-1/ cve-icon cve-icon
https://usn.ubuntu.com/4346-1/ cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2020-9383 cve-icon
https://www.debian.org/security/2020/dsa-4698 cve-icon cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2020-02-25T15:48:11

Updated: 2024-08-04T10:26:16.064Z

Reserved: 2020-02-24T00:00:00

Link: CVE-2020-9383

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2020-02-25T16:15:11.500

Modified: 2022-10-29T02:34:32.930

Link: CVE-2020-9383

cve-icon Redhat

Severity : Moderate

Publid Date: 2020-02-21T00:00:00Z

Links: CVE-2020-9383 - Bugzilla