PT-2019-3455 · Linux+3 · Linux Kernel+3

Denis Efremov · Published 2019-07-17 · Updated 2021-05-28 · CVE-2019-14284

CVSS v3.1: 6.2 (Medium)

Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 5.2.3

Description

The issue is a division-by-zero error in the setup_format_params() function of the Linux kernel. It can be exploited to cause a denial of service. An unprivileged local user can trigger the bug by setting specific drive geometry values that result in F_SECT_PER_TRACK being zero, followed by a floppy format operation. This can be done even without a floppy disk inserted, as QEMU creates the floppy device by default.

Recommendations

For Linux kernel versions prior to 5.2.3, update to version 5.2.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the floppy device to minimize the risk of exploitation.

Fix

DoS

Divide By Zero


Weakness Enumeration

Related identifiers

ALT-PU-2019-2339
ALT-PU-2019-2366
ALT-PU-2019-2488
ALT-PU-2019-2746
ALT-PU-2020-1198
ALT-PU-2020-1501
ALT-PU-2020-2410
ALT-PU-2020-2433
ALT-PU-2021-1870
BDU:2019-03628
CVE-2019-14284
DLA-1884-1
DLA-1885-1
DSA-4495-1
DSA-4497-1
OPENSUSE-SU-2019:1923-1
OPENSUSE-SU-2019:1924-1
OPENSUSE-SU-2019_1923-1
OPENSUSE-SU-2019_1924-1
SUSE-SU-2019:14157-1
SUSE-SU-2019:2068-1
SUSE-SU-2019:2069-1
SUSE-SU-2019:2070-1
SUSE-SU-2019:2071-1
SUSE-SU-2019:2072-1
SUSE-SU-2019:2073-1
SUSE-SU-2019:2262-1
SUSE-SU-2019:2263-1
SUSE-SU-2019:2299-1
SUSE-SU-2019:2430-1
SUSE-SU-2019:2450-1
SUSE-SU-2019_14157-1
USN-4114-1
USN-4115-1
USN-4115-2
USN-4116-1
USN-4117-1
USN-4118-1

Affected products

Alt Linux
Linux Kernel
Suse
Ubuntu