CVE-2019-14283
kernel: integer overflow and OOB read in drivers/block/floppy.c
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In the Linux kernel before 5.2.3, set_geometry in drivers/block/floppy.c does not validate the sect and head fields, as demonstrated by an integer overflow and out-of-bounds read. It can be triggered by an unprivileged local user when a floppy disk has been inserted. NOTE: QEMU creates the floppy device by default.
En el kernel de Linux anterior a versión 5.2.3, la función set_geometry en el archivo drivers/block/floppy.c, no comprueba los campos sect y head, como es demostrado mediante un desbordamiento de enteros y lectura fuera de límites. Puede ser activado por un usuario local sin privilegios cuando se ha insertado un disquete. NOTA: QEMU crea el dispositivo de disquete por defecto.
A vulnerability was found in the Linux kernel’s floppy disk driver implementation. A local attacker with access to the floppy device could call set_geometry in drivers/block/floppy.c, which does not validate the sect and head fields, causing an integer overflow and out-of-bounds read. This flaw may crash the system or allow an attacker to gather information causing subsequent successful attacks.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-07-26 CVE Reserved
- 2019-07-26 CVE Published
- 2023-05-30 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-125: Out-of-bounds Read
- CWE-190: Integer Overflow or Wraparound
CAPEC
References (23)
| URL | Tag | Source |
|---|---|---|
| http://packetstormsecurity.com/files/154059/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html | X_refsource_misc |
|
| http://packetstormsecurity.com/files/154408/Kernel-Live-Patch-Security-Notice-LSN-0055-1.html | X_refsource_misc |
|
| http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html | X_refsource_misc |
|
| https://lists.debian.org/debian-lts-announce/2019/08/msg00016.html | Mailing List |
|
| https://lists.debian.org/debian-lts-announce/2019/08/msg00017.html | Mailing List |
|
| https://seclists.org/bugtraq/2019/Aug/13 | Mailing List |
|
| https://seclists.org/bugtraq/2019/Aug/18 | Mailing List |
|
| https://seclists.org/bugtraq/2019/Aug/26 | Mailing List |
|
| https://security.netapp.com/advisory/ntap-20190905-0002 | X_refsource_confirm |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00055.html | 2019-08-11 | |
| http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00056.html | 2019-08-11 | |
| https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.3 | 2019-08-11 | |
| https://usn.ubuntu.com/4114-1 | 2019-08-11 | |
| https://usn.ubuntu.com/4115-1 | 2019-08-11 | |
| https://usn.ubuntu.com/4116-1 | 2019-08-11 | |
| https://usn.ubuntu.com/4117-1 | 2019-08-11 | |
| https://usn.ubuntu.com/4118-1 | 2019-08-11 | |
| https://www.debian.org/security/2019/dsa-4495 | 2019-08-11 | |
| https://www.debian.org/security/2019/dsa-4497 | 2019-08-11 | |
| https://access.redhat.com/security/cve/CVE-2019-14283 | 2020-06-11 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1734243 | 2020-06-11 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | < 5.2.3 Search vendor "Linux" for product "Linux Kernel" and version " < 5.2.3" | - |
Affected
| ||||||