CVE-2021-20261

medium

Description

A race condition was found in the Linux kernel's implementation of the floppy disk drive controller driver software. The impact of this issue is lessened by the fact that the default permissions on the floppy device (/dev/fd0) are restricted to root. If the permissions on the device have been changed, the impact changes greatly. In the default configuration, root (or equivalent) permissions are required to attack this flaw.

References

https://bugzilla.redhat.com/show_bug.cgi?id=1932150

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a0c80efe5956ccce9fe7ae5c78542578c07bc20a

Details

Source: MITRE

Published: 2021-03-11

Updated: 2021-03-19

Type: CWE-362

Risk Information

CVSS v2

Base Score: 4.4

Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 3.4

Severity: MEDIUM

CVSS v3

Base Score: 6.4

Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 0.5

Severity: MEDIUM

Tenable Plugins

ID | Name | Product | Family | Severity
153271 | EulerOS 2.0 SP2 : kernel (EulerOS-SA-2021-2392) | Nessus | Huawei Local Security Checks | high
151897 | Slackware 14.2 : Slackware 14.2 kernel (SSA:2021-202-01) | Nessus | Slackware Local Security Checks | high
150550 | SUSE SLES11 Security Update : kernel (SUSE-SU-2021:14724-1) | Nessus | SuSE Local Security Checks | medium
150463 | OracleVM 3.4 : Unbreakable / etc (OVMSA-2021-0016) | Nessus | OracleVM Local Security Checks | high
149587 | EulerOS 2.0 SP5 : kernel (EulerOS-SA-2021-1904) | Nessus | Huawei Local Security Checks | high
149296 | Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2021-9215) | Nessus | Oracle Linux Local Security Checks | high
149098 | EulerOS 2.0 SP3 : kernel (EulerOS-SA-2021-1808) | Nessus | Huawei Local Security Checks | high
148498 | Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-4904-1) | Nessus | Ubuntu Local Security Checks | medium