CVE-2020-9383

HIGH
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

An issue was discovered in the Linux kernel 3.16 through 5.5.6. set_fdc in drivers/block/floppy.c leads to a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before assigning it, aka CID-2e90ca68b0d2.

References

http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00039.html

https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=2f9ac30a54dc0181ddac3705cdcf4775d863c530

https://github.com/torvalds/linux/commit/2e90ca68b0d2f5548804f22f0dd61145516171e3

https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html

https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html

https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html

https://security.netapp.com/advisory/ntap-20200313-0003/

https://usn.ubuntu.com/4342-1/

https://usn.ubuntu.com/4344-1/

https://usn.ubuntu.com/4345-1/

https://usn.ubuntu.com/4346-1/

https://www.debian.org/security/2020/dsa-4698

Details

Source: MITRE

Published: 2020-02-25

Updated: 2021-01-04

Type: CWE-125

Risk Information

CVSS v2

Base Score: 3.6

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:P

Impact Score: 4.9

Exploitability Score: 3.9

Severity: LOW

CVSS v3

Base Score: 7.1

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Impact Score: 5.2

Exploitability Score: 1.8

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions up to 5.5.6 (inclusive)

Tenable Plugins

View all (37 total)

IDNameProductFamilySeverity
150557SUSE SLES11 Security Update : kernel (SUSE-SU-2020:14354-1)NessusSuSE Local Security Checks
critical
149336NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2021-0025)NessusNewStart CGSL Local Security Checks
medium
144831EulerOS Virtualization 3.0.2.6 : kernel (EulerOS-SA-2021-1056)NessusHuawei Local Security Checks
critical
141727Scientific Linux Security Update : kernel on SL7.x x86_64 (20201001)NessusScientific Linux Local Security Checks
high
141619CentOS 7 : kernel (CESA-2020:4060)NessusCentOS Local Security Checks
high
141057RHEL 7 : kernel (RHSA-2020:4060)NessusRed Hat Local Security Checks
high
141026RHEL 7 : kernel-rt (RHSA-2020:4062)NessusRed Hat Local Security Checks
high
138272SUSE SLES15 Security Update : kernel (SUSE-SU-2020:1663-1)NessusSuSE Local Security Checks
critical
137932EulerOS Virtualization 3.0.6.0 : kernel (EulerOS-SA-2020-1713)NessusHuawei Local Security Checks
medium
137516EulerOS 2.0 SP2 : kernel (EulerOS-SA-2020-1674)NessusHuawei Local Security Checks
critical
137340Debian DSA-4698-1 : linux - security updateNessusDebian Local Security Checks
medium
137339Debian DLA-2242-1 : linux-4.9 security updateNessusDebian Local Security Checks
medium
137283Debian DLA-2241-2 : linux security updateNessusDebian Local Security Checks
medium
137128OracleVM 3.4 : Unbreakable / etc (OVMSA-2020-0019)NessusOracleVM Local Security Checks
high
136782SUSE SLES12 Security Update : kernel (SUSE-SU-2020:1275-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)NessusSuSE Local Security Checks
critical
136661SUSE SLES12 Security Update : kernel (SUSE-SU-2020:1255-1)NessusSuSE Local Security Checks
critical
136496RHEL 7 : kernel-alt (RHSA-2020:2104)NessusRed Hat Local Security Checks
high
136485Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2020-5676)NessusOracle Linux Local Security Checks
medium
136388Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2020-5670)NessusOracle Linux Local Security Checks
high
136239EulerOS Virtualization for ARM 64 3.0.2.0 : kernel (EulerOS-SA-2020-1536)NessusHuawei Local Security Checks
critical
136166SUSE SLES12 Security Update : kernel (SUSE-SU-2020:1142-1)NessusSuSE Local Security Checks
high
136165SUSE SLES12 Security Update : kernel (SUSE-SU-2020:1141-1)NessusSuSE Local Security Checks
high
136089Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-4346-1)NessusUbuntu Local Security Checks
high
136088Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-4345-1)NessusUbuntu Local Security Checks
high
136087Ubuntu 18.04 LTS : Linux kernel vulnerabilities (USN-4344-1)NessusUbuntu Local Security Checks
medium
136085Ubuntu 18.04 LTS / 19.10 : Linux kernel vulnerabilities (USN-4342-1)NessusUbuntu Local Security Checks
high
136075SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2020:1123-1)NessusSuSE Local Security Checks
high
136026SUSE SLES12 Security Update : kernel (SUSE-SU-2020:1119-1)NessusSuSE Local Security Checks
high
136025SUSE SLES12 Security Update : kernel (SUSE-SU-2020:1118-1)NessusSuSE Local Security Checks
high
136022Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2020-5663)NessusOracle Linux Local Security Checks
high
135525EulerOS 2.0 SP3 : kernel (EulerOS-SA-2020-1396)NessusHuawei Local Security Checks
critical
135166SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2020:0836-1)NessusSuSE Local Security Checks
high
135129EulerOS Virtualization for ARM 64 3.0.6.0 : kernel (EulerOS-SA-2020-1342)NessusHuawei Local Security Checks
critical
135003openSUSE Security Update : the Linux Kernel (openSUSE-2020-388)NessusSuSE Local Security Checks
high
134971Slackware 14.2 : Slackware 14.2 kernel (SSA:2020-086-01)NessusSlackware Local Security Checks
critical
134799EulerOS 2.0 SP5 : kernel (EulerOS-SA-2020-1308)NessusHuawei Local Security Checks
high
134784EulerOS 2.0 SP8 : kernel (EulerOS-SA-2020-1292)NessusHuawei Local Security Checks
high