First published: Fri Feb 21 2020
An issue was discovered in the Linux kernel 3.16 through 5.5.6. set_fdc in drivers/block/floppy.c leads to a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before assigning it, aka CID-2e90ca68b0d2.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/kernel-rt | <0:3.10.0-1160.rt56.1131.el7 | 0:3.10.0-1160.rt56.1131.el7 |
redhat/kernel-alt | <0:4.14.0-115.21.2.el7a | 0:4.14.0-115.21.2.el7a |
redhat/kernel | <0:3.10.0-1160.el7 | 0:3.10.0-1160.el7 |
ubuntu/linux | <4.15.0-99.100 | 4.15.0-99.100 |
ubuntu/linux | <5.3.0-51.44 | 5.3.0-51.44 |
ubuntu/linux | <5.6~ | 5.6~ |
ubuntu/linux | <4.4.0-178.208 | 4.4.0-178.208 |
ubuntu/linux-aws | <4.15.0-1066.70 | 4.15.0-1066.70 |
ubuntu/linux-aws | <5.3.0-1017.18 | 5.3.0-1017.18 |
ubuntu/linux-aws | <4.4.0-1066.70 | 4.4.0-1066.70 |
ubuntu/linux-aws | <5.6~ | 5.6~ |
ubuntu/linux-aws | <4.4.0-1106.117 | 4.4.0-1106.117 |
ubuntu/linux-aws-5.0 | <5.6~ | 5.6~ |
ubuntu/linux-aws-5.3 | <5.3.0-1017.18~18.04.1 | 5.3.0-1017.18~18.04.1 |
ubuntu/linux-aws-5.3 | <5.6~ | 5.6~ |
ubuntu/linux-aws-hwe | <5.6~ | 5.6~ |
ubuntu/linux-aws-hwe | <4.15.0-1066.70~16.04.1 | 4.15.0-1066.70~16.04.1 |
ubuntu/linux-azure | <5.3.0-1020.21 | 5.3.0-1020.21 |
ubuntu/linux-azure | <5.6~ | 5.6~ |
ubuntu/linux-azure | <4.15.0-1082.92~16.04.1 | 4.15.0-1082.92~16.04.1 |
ubuntu/linux-azure-4.15 | <5.6~ | 5.6~ |
ubuntu/linux-azure-5.3 | <5.3.0-1020.21~18.04.1 | 5.3.0-1020.21~18.04.1 |
ubuntu/linux-azure-5.3 | <5.6~ | 5.6~ |
ubuntu/linux-azure-edge | <5.6~ | 5.6~ |
ubuntu/linux-gcp | <5.3.0-1018.19 | 5.3.0-1018.19 |
ubuntu/linux-gcp | <5.6~ | 5.6~ |
ubuntu/linux-gcp | <4.15.0-1061.65 | 4.15.0-1061.65 |
ubuntu/linux-gcp-4.15 | <5.6~ | 5.6~ |
ubuntu/linux-gcp-5.3 | <5.3.0-1018.19~18.04.1 | 5.3.0-1018.19~18.04.1 |
ubuntu/linux-gcp-5.3 | <5.6~ | 5.6~ |
ubuntu/linux-gcp-edge | <5.6~ | 5.6~ |
ubuntu/linux-gke-4.15 | <4.15.0-1058.61 | 4.15.0-1058.61 |
ubuntu/linux-gke-4.15 | <5.6~ | 5.6~ |
ubuntu/linux-gke-5.0 | <5.0.0-1035.36 | 5.0.0-1035.36 |
ubuntu/linux-gke-5.0 | <5.6~ | 5.6~ |
ubuntu/linux-gke-5.3 | <5.3.0-1018.19~18.04.1 | 5.3.0-1018.19~18.04.1 |
ubuntu/linux-gke-5.3 | <5.6~ | 5.6~ |
ubuntu/linux-hwe | <5.3.0-51.44~18.04.2 | 5.3.0-51.44~18.04.2 |
ubuntu/linux-hwe | <5.6~ | 5.6~ |
ubuntu/linux-hwe | <4.15.0-99.100~16.04.1 | 4.15.0-99.100~16.04.1 |
ubuntu/linux-hwe-edge | <5.6~ | 5.6~ |
ubuntu/linux-kvm | <4.15.0-1059.60 | 4.15.0-1059.60 |
ubuntu/linux-kvm | <5.3.0-1016.17 | 5.3.0-1016.17 |
ubuntu/linux-kvm | <5.6~ | 5.6~ |
ubuntu/linux-kvm | <4.4.0-1070.77 | 4.4.0-1070.77 |
ubuntu/linux-lts-trusty | <5.6~ | 5.6~ |
ubuntu/linux-lts-xenial | <4.4.0-178.208~14.04.1 | 4.4.0-178.208~14.04.1 |
ubuntu/linux-lts-xenial | <5.6~ | 5.6~ |
ubuntu/linux-oem | <4.15.0-1080.90 | 4.15.0-1080.90 |
ubuntu/linux-oem | <5.6~ | 5.6~ |
ubuntu/linux-oem-5.6 | <5.6~ | 5.6~ |
ubuntu/linux-oem-osp1 | <5.0.0-1050.55 | 5.0.0-1050.55 |
ubuntu/linux-oem-osp1 | <5.6~ | 5.6~ |
ubuntu/linux-oracle | <4.15.0-1038.42 | 4.15.0-1038.42 |
ubuntu/linux-oracle | <5.3.0-1016.18 | 5.3.0-1016.18 |
ubuntu/linux-oracle | <5.6~ | 5.6~ |
ubuntu/linux-oracle | <4.15.0-1038.42~16.04.1 | 4.15.0-1038.42~16.04.1 |
ubuntu/linux-oracle-5.0 | <5.6~ | 5.6~ |
ubuntu/linux-oracle-5.3 | <5.3.0-1016.18~18.04.1 | 5.3.0-1016.18~18.04.1 |
ubuntu/linux-oracle-5.3 | <5.6~ | 5.6~ |
ubuntu/linux-raspi | <5.6~ | 5.6~ |
ubuntu/linux-raspi2 | <4.15.0-1061.65 | 4.15.0-1061.65 |
ubuntu/linux-raspi2 | <5.3.0-1023.25 | 5.3.0-1023.25 |
ubuntu/linux-raspi2 | <5.6~ | 5.6~ |
ubuntu/linux-raspi2 | <4.4.0-1132.141 | 4.4.0-1132.141 |
ubuntu/linux-raspi2-5.3 | <5.3.0-1023.25~18.04.1 | 5.3.0-1023.25~18.04.1 |
ubuntu/linux-raspi2-5.3 | <5.6~ | 5.6~ |
ubuntu/linux-riscv | <5.6~ | 5.6~ |
ubuntu/linux-snapdragon | <4.15.0-1077.84 | 4.15.0-1077.84 |
ubuntu/linux-snapdragon | <5.6~ | 5.6~ |
ubuntu/linux-snapdragon | <4.4.0-1136.144 | 4.4.0-1136.144 |
Linux Linux kernel | >=3.16<=5.5.6 | |
Debian Debian Linux | =8.0 | |
Debian Debian Linux | =9.0 | |
openSUSE Leap | =15.1 | |
Canonical Ubuntu Linux | =14.04 | |
Canonical Ubuntu Linux | =16.04 | |
Canonical Ubuntu Linux | =18.04 | |
Canonical Ubuntu Linux | =19.10 | |
Netapp Active Iq Unified Manager Vmware Vsphere | | |
Netapp Cloud Backup | | |
Netapp Data Availability Services | | |
Netapp Hci Management Node | | |
Netapp Solidfire | | |
Netapp Steelstore Cloud Integrated Storage | | |
Netapp Solidfire Baseboard Management Controller Firmware | | |
Netapp Solidfire Baseboard Management Controller | | |
Netapp H410c Firmware | | |
Netapp H410c | | |
debian/linux | 4.19.249-2 4.19.304-1 5.10.209-2 5.10.216-1 6.1.76-1 6.1.90-1 6.7.12-1 |
Mitigation for this issue is to skip loading the affected floppy driver module onto the system until a fix is available. This can be done with a blacklist mechanism, which ensures the driver is not loaded at boot time. See "How do I blacklist a kernel module to prevent it from loading automatically?": https://access.redhat.com/solutions/41278
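One way to verify that the blacklist mitigation is actually in effect on a host, as an added example (not part of the advisory or the linked Red Hat article). The function names are hypothetical, and the modprobe.d directories in the final call are the standard locations, assumed here.

```shell
#!/bin/sh
# Added example: audit the "blacklist the floppy module" mitigation.
# Paths are parameters so the check can also run against a test directory.

# Succeeds if MODULE is listed in a /proc/modules-style file.
module_loaded() {
    mod=$1; procfile=${2:-/proc/modules}
    [ -r "$procfile" ] && grep -q "^$mod " "$procfile"
}

# Succeeds if a *.conf file in any given directory has "blacklist MODULE".
# blacklist only stops alias-based autoloading (boot, hotplug).
module_blacklisted() {
    mod=$1; shift
    for dir in "$@"; do
        for f in "$dir"/*.conf; do
            [ -r "$f" ] || continue
            grep -Eq "^[[:space:]]*blacklist[[:space:]]+$mod([[:space:]]|\$)" "$f" && return 0
        done
    done
    return 1
}

# Succeeds if an "install MODULE /bin/false|/bin/true" override exists,
# which also blocks explicit "modprobe MODULE" requests.
module_install_disabled() {
    mod=$1; shift
    for dir in "$@"; do
        for f in "$dir"/*.conf; do
            [ -r "$f" ] || continue
            grep -Eq "^[[:space:]]*install[[:space:]]+$mod[[:space:]]+(/usr)?/bin/(false|true)" "$f" && return 0
        done
    done
    return 1
}

# Prints one of: loaded, blocked, blacklisted, unmitigated.
mitigation_status() {
    mod=$1; procfile=$2; shift 2
    if module_loaded "$mod" "$procfile"; then echo loaded
    elif module_install_disabled "$mod" "$@"; then echo blocked
    elif module_blacklisted "$mod" "$@"; then echo blacklisted
    else echo unmitigated
    fi
}

# Report for the running system.
mitigation_status floppy /proc/modules /etc/modprobe.d /run/modprobe.d /usr/lib/modprobe.d
```

A result of "loaded" means the configuration has not taken effect yet: blacklisting does not unload a driver that is already resident. A kernel with the floppy driver built in rather than built as a module never appears in /proc/modules and is not affected by modprobe.d settings.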