PT-2019-3311 · Linux+5 · Linux Kernel+5

Published: 2019-07-17 · Updated: 2021-05-28 · CVE-2019-14283

CVSS v3.1: 6.8 (Medium)

Vector: AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 5.2.3

Description

The issue is caused by an integer overflow and out-of-bounds read in the set_geometry function in drivers/block/floppy.c. This can be triggered by an unprivileged local user when a floppy disk has been inserted. It may allow an attacker to cause a denial of service or disclose sensitive information.

Recommendations

For Linux kernel versions prior to 5.2.3, update to version 5.2.3 or later to resolve the issue. As a temporary workaround, consider disabling the floppy disk driver to minimize the risk of exploitation. Restrict access to the floppy device to prevent unprivileged users from inserting floppy disks.

Fix

Integer Overflow

Out of bounds Read

Weakness Enumeration

Related Identifiers

ALT-PU-2019-2339
ALT-PU-2019-2366
ALT-PU-2019-2488
ALT-PU-2019-2746
ALT-PU-2020-1198
ALT-PU-2020-1501
ALT-PU-2020-2410
ALT-PU-2020-2433
ALT-PU-2021-1870
BDU:2019-03410
CESA-2020_1016
CVE-2019-14283
DLA-1884-1
DLA-1885-1
DSA-4495-1
DSA-4497-1
OPENSUSE-SU-2019:1923-1
OPENSUSE-SU-2019:1924-1
OPENSUSE-SU-2019_1923-1
OPENSUSE-SU-2019_1924-1
RHSA-2020:1016
RHSA-2020:1070
RHSA-2020:2522
RHSA-2020_1016
RHSA-2020_1070
SUSE-SU-2019:14157-1
SUSE-SU-2019:2068-1
SUSE-SU-2019:2069-1
SUSE-SU-2019:2070-1
SUSE-SU-2019:2071-1
SUSE-SU-2019:2072-1
SUSE-SU-2019:2073-1
SUSE-SU-2019:2262-1
SUSE-SU-2019:2263-1
SUSE-SU-2019:2299-1
SUSE-SU-2019:2430-1
SUSE-SU-2019:2450-1
SUSE-SU-2019_14157-1
USN-4114-1
USN-4115-1
USN-4115-2
USN-4116-1
USN-4117-1
USN-4118-1

Affected Products

Alt Linux
Centos
Linux Kernel
Red Hat
Suse
Ubuntu