OpenCVE

An issue was discovered in the Linux kernel 3.16 through 5.5.6. set_fdc in drivers/block/floppy.c leads to a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before assigning it, aka CID-2e90ca68b0d2.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact Partial

AV:L/AC:L/Au:N/C:P/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Canonical	Ubuntu Linux
Debian	Debian Linux
Linux	Linux Kernel
Netapp	Active Iq Unified Manager Cloud Backup Data Availability Services H410c H410c Firmware Hci Management Node Solidfire Solidfire Baseboard Management Controller Solidfire Baseboard Management Controller Firmware Steelstore Cloud Integrated Storage
Opensuse	Leap
Redhat	Enterprise Linux Rhel Extras Rt

Configuration 1 [-]

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:o:debian:debian_linux:8.0:::::::*
	cpe:2.3:o:debian:debian_linux:9.0:::::::*

Configuration 3 [-]

cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

Configuration 4 [-]

OR	cpe:2.3:o:canonical:ubuntu_linux:14.04::::esm:::
	cpe:2.3:o:canonical:ubuntu_linux:16.04::::esm:::
	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:19.10:::::::*

Configuration 5 [-]

OR	cpe:2.3:a:netapp:active_iq_unified_manager:-:::::vmware_vsphere::
	cpe:2.3:a:netapp:cloud_backup:-:::::::*
	cpe:2.3:a:netapp:data_availability_services:-:::::::*
	cpe:2.3:a:netapp:hci_management_node:-:::::::*
	cpe:2.3:a:netapp:solidfire:-:::::::*
	cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:::::::*

Configuration 6 [-]

AND

cpe:2.3:h:netapp:solidfire_baseboard_management_controller:-:*:*:*:*:*:*:*

cpe:2.3:o:netapp:solidfire_baseboard_management_controller_firmware:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*

cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 7
kernel-rt-0:3.10.0-1160.rt56.1131.el7	cpe:/a:redhat:rhel_extras_rt:7	RHSA-2020:4062	2020-09-29T00:00:00Z
kernel-alt-0:4.14.0-115.21.2.el7a	cpe:/o:redhat:enterprise_linux:7	RHSA-2020:2104	2020-05-12T00:00:00Z
kernel-0:3.10.0-1160.el7	cpe:/o:redhat:enterprise_linux:7	RHSA-2020:4060	2020-09-29T00:00:00Z

References

Link	Providers
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00039.html
https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=2f9ac30a54dc0181ddac3705cdcf4775d863c530
https://github.com/torvalds/linux/commit/2e90ca68b0d2f5548804f22f0dd61145516171e3
https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html
https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html
https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html
https://nvd.nist.gov/vuln/detail/CVE-2020-9383
https://security.netapp.com/advisory/ntap-20200313-0003/
https://usn.ubuntu.com/4342-1/
https://usn.ubuntu.com/4344-1/
https://usn.ubuntu.com/4345-1/
https://usn.ubuntu.com/4346-1/
https://www.cve.org/CVERecord?id=CVE-2020-9383
https://www.debian.org/security/2020/dsa-4698

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2020-02-25T15:48:11

Updated: 2024-08-04T10:26:16.064Z

Reserved: 2020-02-24T00:00:00

Link: CVE-2020-9383

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2020-02-25T16:15:11.500

Modified: 2022-10-29T02:34:32.930

Link: CVE-2020-9383

Redhat

Severity : Moderate

Publid Date: 2020-02-21T00:00:00Z

Links: CVE-2020-9383 - Bugzilla

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object