CVE-2020-9383

Name of the Vulnerable Software and Affected Versions Linux kernel versions 3.16 through 5.5.6

Description An issue in the Linux kernel leads to an out-of-bounds read because the FDC index is not checked for errors before assigning it. This issue is related to the set fdc function in drivers/block/floppy.c. Additionally, there is a buffer overflow issue in the rwsem down write slowpath function in kernel/locking/rwsem.c, which can allow an attacker to disclose protected information or cause a denial of service.

Recommendations For Linux kernel versions 3.16 through 5.5.6, consider disabling the set fdc function in drivers/block/floppy.c as a temporary workaround until a patch is available. Restrict access to the rwsem down write slowpath function in kernel/locking/rwsem.c to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.