PT-2019-3311 · Linux+5 · Linux Kernel+5

Publicado

2019-07-17

·

Atualizado

2021-05-28

·

CVE-2019-14283

CVSS v3.1

6.8

Média

VetorAV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.2.3
Description The issue is caused by an integer overflow and out-of-bounds read in the set geometry function in drivers/block/floppy.c. This can be triggered by an unprivileged local user when a floppy disk has been inserted. It may allow an attacker to cause a denial of service or disclose sensitive information.
Recommendations For Linux kernel versions prior to 5.2.3, update to version 5.2.3 or later to resolve the issue. As a temporary workaround, consider disabling the floppy disk driver to minimize the risk of exploitation. Restrict access to the floppy device to prevent unprivileged users from inserting floppy disks.

Correção

Integer Overflow

Out of bounds Read

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-190CWE-125

Identificadores relacionados

ALT-PU-2019-2339
ALT-PU-2019-2366
ALT-PU-2019-2488
ALT-PU-2019-2746
ALT-PU-2020-1198
ALT-PU-2020-1501
ALT-PU-2020-2410
ALT-PU-2020-2433
ALT-PU-2021-1870
BDU:2019-03410
CESA-2020_1016
CVE-2019-14283
DLA-1884-1
DLA-1885-1
DSA-4495-1
DSA-4497-1
OPENSUSE-SU-2019:1923-1
OPENSUSE-SU-2019:1924-1
OPENSUSE-SU-2019_1923-1
OPENSUSE-SU-2019_1924-1
RHSA-2020:1016
RHSA-2020:1070
RHSA-2020:2522
RHSA-2020_1016
RHSA-2020_1070
SUSE-SU-2019:14157-1
SUSE-SU-2019:2068-1
SUSE-SU-2019:2069-1
SUSE-SU-2019:2070-1
SUSE-SU-2019:2071-1
SUSE-SU-2019:2072-1
SUSE-SU-2019:2073-1
SUSE-SU-2019:2262-1
SUSE-SU-2019:2263-1
SUSE-SU-2019:2299-1
SUSE-SU-2019:2430-1
SUSE-SU-2019:2450-1
SUSE-SU-2019_14157-1
USN-4114-1
USN-4115-1
USN-4115-2
USN-4116-1
USN-4117-1
USN-4118-1

Produtos afetados

Alt Linux
Centos
Linux Kernel
Red Hat
Suse
Ubuntu