Lucene search

K

[email protected]NVD:CVE-2019-14284

HistoryJul 26, 2019 - 1:15 p.m.

CVE-2019-14284

2019-07-2613:15:13

CWE-369

[email protected]

web.nvd.nist.gov

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

6.2 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.1 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

38.7%

In the Linux kernel before 5.2.3, drivers/block/floppy.c allows a denial of service by setup_format_params division-by-zero. Two consecutive ioctls can trigger the bug: the first one should set the drive geometry with .sect and .rate values that make F_SECT_PER_TRACK be zero. Next, the floppy format operation should be called. It can be triggered by an unprivileged local user even when a floppy disk has not been inserted. NOTE: QEMU creates the floppy device by default.

Affected configurations

NVD

Node

linuxlinux_kernelRange<5.2.3

References

lists.opensuse.org/opensuse-security-announce/2019-08/msg00055.html

lists.opensuse.org/opensuse-security-announce/2019-08/msg00056.html

packetstormsecurity.com/files/154059/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html

packetstormsecurity.com/files/154408/Kernel-Live-Patch-Security-Notice-LSN-0055-1.html

packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html

cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.3

git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f3554aeb991214cbfafd17d55e2bfddb50282e32

github.com/torvalds/linux/commit/f3554aeb991214cbfafd17d55e2bfddb50282e32

lists.debian.org/debian-lts-announce/2019/08/msg00016.html

lists.debian.org/debian-lts-announce/2019/08/msg00017.html

seclists.org/bugtraq/2019/Aug/13

seclists.org/bugtraq/2019/Aug/18

seclists.org/bugtraq/2019/Aug/26

security.netapp.com/advisory/ntap-20190905-0002/

usn.ubuntu.com/4114-1/

usn.ubuntu.com/4115-1/

usn.ubuntu.com/4116-1/

usn.ubuntu.com/4117-1/

usn.ubuntu.com/4118-1/

www.debian.org/security/2019/dsa-4495

www.debian.org/security/2019/dsa-4497

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

6.2 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.1 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

38.7%

Related for NVD:CVE-2019-14284

ubuntucve1 prion1 cve1 cvelist1 redhatcve1 debiancve1 oraclelinux4 nessus37 ubuntu6 openvas27 suse2 slackware1 photon6 debian6 ibm3 osv4 cloudfoundry2