Vulnerability Details : CVE-2021-20261
A race condition was found in the Linux kernel's implementation of the floppy disk drive controller driver software. The impact of this issue is lessened by the fact that the default permissions on the floppy device (/dev/fd0) are restricted to root. If the permissions on the device have changed, the impact changes greatly. In the default configuration, root (or equivalent) permissions are required to attack this flaw.
Products affected by CVE-2021-20261
- cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:4.5:rc1:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:4.5:rc2:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:4.5:rc3:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:4.5:rc4:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:4.5:-:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-20261
- 0.04%: Probability of exploitation activity in the next 30 days
- ~10%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-20261
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.4 | MEDIUM | AV:L/AC:M/Au:N/C:P/I:P/A:P | 3.4 | 6.4 | NIST | |
6.4 | MEDIUM | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.5 | 5.9 | NIST | |
CWE ids for CVE-2021-20261
- The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently. Assigned by: secalert@redhat.com (Primary)
References for CVE-2021-20261
- https://bugzilla.redhat.com/show_bug.cgi?id=1932150
  1932150 – (CVE-2021-20261) CVE-2021-20261 kernel: panic on multiple access to floppy device (Issue Tracking; Patch; Third Party Advisory)
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a0c80efe5956ccce9fe7ae5c78542578c07bc20a
  kernel/git/torvalds/linux.git - Linux kernel source tree (Mailing List; Patch; Vendor Advisory)