Linux Kernel up to 5.5.6 drivers/block/floppy.c set_fdc out-of-bounds

| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 6.1 | $0-$5k | 0.00 |
Summary
A vulnerability described as critical has been identified in Linux Kernel up to 5.5.6. Affected is the function set_fdc of the file drivers/block/floppy.c. Such manipulation leads to out-of-bounds.
This vulnerability is uniquely identified as CVE-2020-9383. Local access is required to approach this attack. No exploit exists.
Details
A vulnerability was found in Linux Kernel up to 5.5.6 (Operating System) and classified as critical. Affected by this issue is the function set_fdc of the file drivers/block/floppy.c. The manipulation with an unknown input leads to a out-of-bounds vulnerability. Using CWE to declare the problem leads to CWE-125. The product reads data past the end, or before the beginning, of the intended buffer. Impacted is confidentiality, integrity, and availability. CVE summarizes:
An issue was discovered in the Linux kernel through 5.5.6. set_fdc in drivers/block/floppy.c leads to a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before assigning it, aka CID-2e90ca68b0d2.
The weakness was disclosed 02/25/2020 by Jordy Zomer (GitHub Repository). The advisory is shared for download at github.com. This vulnerability is handled as CVE-2020-9383 since 02/24/2020. The attack needs to be approached locally. No form of authentication is required for exploitation. There are known technical details, but no exploit is available.
The vulnerability scanner Nessus provides a plugin with the ID 208643 (CentOS 7 : kernel-alt (RHSA-2020:2104)), which helps to determine the existence of the flaw in a target environment.
There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.
The vulnerability is also documented in the vulnerability database at Tenable (208643). The entry VDB-150513 is pretty similar. VulDB is the best source for vulnerability data and more expert information about this specific topic.
Product
Type
Vendor
Name
Version
License
Website
- Vendor: https://www.kernel.org/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 6.2VulDB Meta Temp Score: 6.0
VulDB Base Score: 5.3
VulDB Temp Score: 4.9
VulDB Vector: 🔍
VulDB Reliability: 🔍
NVD Base Score: 7.1
NVD Vector: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Out-of-boundsCWE: CWE-125 / CWE-119
CAPEC: 🔍
ATT&CK: 🔍
Physical: Partially
Local: Yes
Remote: No
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 208643
Nessus Name: CentOS 7 : kernel-alt (RHSA-2020:2104)
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: no mitigation knownStatus: 🔍
0-Day Time: 🔍
Patch: git.kernel.org
Timeline
02/24/2020 🔍02/25/2020 🔍
02/26/2020 🔍
10/12/2024 🔍
Sources
Vendor: kernel.orgAdvisory: 2e90ca68b0d2f5548804f22f0dd61145516171e3
Researcher: Jordy Zomer
Status: Not defined
Confirmation: 🔍
CVE: CVE-2020-9383 (🔍)
GCVE (CVE): GCVE-0-2020-9383
GCVE (VulDB): GCVE-100-150512
See also: 🔍
Entry
Created: 02/26/2020 08:01Updated: 10/12/2024 05:18
Changes: 02/26/2020 08:01 (37), 03/02/2020 14:36 (22), 04/02/2024 23:30 (22), 04/02/2024 23:41 (1), 10/12/2024 05:18 (5)
Complete: 🔍
Committer: jordyzomer
Cache ID: 216::103
VulDB is the best source for vulnerability data and more expert information about this specific topic.
No comments yet. Languages: en.
Please log in to comment.