Vulnerability Details : CVE-2019-14284
In the Linux kernel before 5.2.3, drivers/block/floppy.c allows a denial of service by setup_format_params division-by-zero. Two consecutive ioctls can trigger the bug: the first one should set the drive geometry with .sect and .rate values that make F_SECT_PER_TRACK be zero. Next, the floppy format operation should be called. It can be triggered by an unprivileged local user even when a floppy disk has not been inserted. NOTE: QEMU creates the floppy device by default.
Vulnerability category: Denial of service
Products affected by CVE-2019-14284
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-14284
- EPSS score: 0.09% (probability of exploitation activity in the next 30 days)
- Percentile: ~37% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2019-14284
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
2.1 | LOW | AV:L/AC:L/Au:N/C:N/I:N/A:P | 3.9 | 2.9 | NIST | |
6.2 | MEDIUM | CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 2.5 | 3.6 | NIST | |
CWE ids for CVE-2019-14284
- The product divides a value by zero. Assigned by: nvd@nist.gov (Primary)
References for CVE-2019-14284
- https://www.debian.org/security/2019/dsa-4495
  Debian -- Security Information -- DSA-4495-1 linux
- https://usn.ubuntu.com/4117-1/
  USN-4117-1: Linux kernel (AWS) vulnerabilities | Ubuntu security notices
- https://usn.ubuntu.com/4118-1/
  USN-4118-1: Linux kernel (AWS) vulnerabilities | Ubuntu security notices
- https://lists.debian.org/debian-lts-announce/2019/08/msg00016.html
  [SECURITY] [DLA 1884-1] linux security update
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f3554aeb991214cbfafd17d55e2bfddb50282e32
  kernel/git/torvalds/linux.git - Linux kernel source tree (Patch; Vendor Advisory)
- https://seclists.org/bugtraq/2019/Aug/26
  Bugtraq: [slackware-security] Slackware 14.2 kernel (SSA:2019-226-01)
- https://usn.ubuntu.com/4114-1/
  USN-4114-1: Linux kernel vulnerabilities | Ubuntu security notices
- http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00055.html
  [security-announce] openSUSE-SU-2019:1924-1: important: Security update
- https://usn.ubuntu.com/4116-1/
  USN-4116-1: Linux kernel vulnerabilities | Ubuntu security notices
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.3
  Release Notes; Vendor Advisory
- http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00056.html
  [security-announce] openSUSE-SU-2019:1923-1: important: Security update
- https://www.debian.org/security/2019/dsa-4497
  Debian -- Security Information -- DSA-4497-1 linux
- http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html
  Kernel Live Patch Security Notice LSN-0058-1 ≈ Packet Storm
- http://packetstormsecurity.com/files/154408/Kernel-Live-Patch-Security-Notice-LSN-0055-1.html
  Kernel Live Patch Security Notice LSN-0055-1 ≈ Packet Storm
- https://usn.ubuntu.com/4115-1/
  USN-4115-1: Linux kernel vulnerabilities | Ubuntu security notices
- https://security.netapp.com/advisory/ntap-20190905-0002/
  August 2019 Linux Kernel Vulnerabilities in NetApp Products | NetApp Product Security
- https://seclists.org/bugtraq/2019/Aug/13
  Bugtraq: [SECURITY] [DSA 4495-1] linux security update
- http://packetstormsecurity.com/files/154059/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
  Slackware Security Advisory - Slackware 14.2 kernel Updates ≈ Packet Storm
- https://lists.debian.org/debian-lts-announce/2019/08/msg00017.html
  [SECURITY] [DLA 1885-1] linux-4.9 security update
- https://github.com/torvalds/linux/commit/f3554aeb991214cbfafd17d55e2bfddb50282e32
  floppy: fix div-by-zero in setup_format_params · torvalds/linux@f3554ae · GitHub (Patch; Third Party Advisory)
- https://seclists.org/bugtraq/2019/Aug/18
  Bugtraq: [SECURITY] [DSA 4497-1] linux security update