CVE-2020-9383

An issue was discovered in the Linux kernel 3.16 through 5.5.6. set_fdc in drivers/block/floppy.c leads to a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before assigning it, aka CID-2e90ca68b0d2.

CVSS v3 7.1 HIGH
CVSS v2.0 3.6 LOW

7.1^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.2

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

3.6^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:L/Au:N/C:P/I:N/A:P

Exploitability : 3.9 / Impact : 4.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00039.html	Mailing List Third Party Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=2f9ac30a54dc0181ddac3705cdcf4775d863c530	Mailing List Patch Vendor Advisory
https://github.com/torvalds/linux/commit/2e90ca68b0d2f5548804f22f0dd61145516171e3	Patch Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html	Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html	Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html	Mailing List Third Party Advisory
https://security.netapp.com/advisory/ntap-20200313-0003/	Third Party Advisory
https://usn.ubuntu.com/4342-1/	Third Party Advisory
https://usn.ubuntu.com/4344-1/	Third Party Advisory
https://usn.ubuntu.com/4345-1/	Third Party Advisory
https://usn.ubuntu.com/4346-1/	Third Party Advisory
https://www.debian.org/security/2020/dsa-4698	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:o:debian:debian_linux:8.0:::::::*
	cpe:2.3:o:debian:debian_linux:9.0:::::::*

Configuration 3 (hide)

cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

Configuration 4 (hide)

OR	cpe:2.3:o:canonical:ubuntu_linux:14.04::::esm:::
	cpe:2.3:o:canonical:ubuntu_linux:16.04::::esm:::
	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:19.10:::::::*

Configuration 5 (hide)

OR	cpe:2.3:a:netapp:active_iq_unified_manager:-:::::vmware_vsphere::
	cpe:2.3:a:netapp:cloud_backup:-:::::::*
	cpe:2.3:a:netapp:data_availability_services:-:::::::*
	cpe:2.3:a:netapp:hci_management_node:-:::::::*
	cpe:2.3:a:netapp:solidfire:-:::::::*
	cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:::::::*

Configuration 6 (hide)

AND

cpe:2.3:o:netapp:solidfire_baseboard_management_controller_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:solidfire_baseboard_management_controller:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*

History

29 Oct 2022, 02:34

Type	Values Removed	Values Added
CPE		cpe:2.3:a:netapp:data_availability_services:-:::::::* cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts::: cpe:2.3:o:debian:debian_linux:8.0:::::::* cpe:2.3:a:netapp:cloud_backup:-:::::::* cpe:2.3:o:opensuse:leap:15.1:::::::* cpe:2.3:a:netapp:hci_management_node:-:::::::* cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:::::::* cpe:2.3:o:canonical:ubuntu_linux:16.04::::esm::: cpe:2.3:a:netapp:solidfire:-:::::::* cpe:2.3:o:netapp:solidfire_baseboard_management_controller_firmware:-:::::::* cpe:2.3:o:debian:debian_linux:9.0:::::::* cpe:2.3:o:canonical:ubuntu_linux:19.10:::::::* cpe:2.3:a:netapp:active_iq_unified_manager:-:::::vmware_vsphere:: cpe:2.3:o:canonical:ubuntu_linux:14.04::::esm::: cpe:2.3:h:netapp:solidfire_baseboard_management_controller:-:::::::* cpe:2.3:h:netapp:h410c:-:::::::* cpe:2.3:o:netapp:h410c_firmware:-:::::::*
First Time		Netapp solidfire Baseboard Management Controller Firmware Netapp steelstore Cloud Integrated Storage Netapp solidfire Canonical ubuntu Linux Netapp data Availability Services Canonical Opensuse leap Debian Netapp cloud Backup Netapp hci Management Node Netapp active Iq Unified Manager Netapp solidfire Baseboard Management Controller Netapp h410c Netapp h410c Firmware Debian debian Linux Netapp Opensuse
References	~~(MISC) https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=2f9ac30a54dc0181ddac3705cdcf4775d863c530 -~~	(MISC) https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=2f9ac30a54dc0181ddac3705cdcf4775d863c530 - Mailing List, Patch, Vendor Advisory
References	~~(MLIST) https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html -~~	(MLIST) https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html - Mailing List, Third Party Advisory
References	~~(UBUNTU) https://usn.ubuntu.com/4344-1/ -~~	(UBUNTU) https://usn.ubuntu.com/4344-1/ - Third Party Advisory
References	~~(UBUNTU) https://usn.ubuntu.com/4346-1/ -~~	(UBUNTU) https://usn.ubuntu.com/4346-1/ - Third Party Advisory
References	~~(DEBIAN) https://www.debian.org/security/2020/dsa-4698 -~~	(DEBIAN) https://www.debian.org/security/2020/dsa-4698 - Third Party Advisory
References	~~(UBUNTU) https://usn.ubuntu.com/4342-1/ -~~	(UBUNTU) https://usn.ubuntu.com/4342-1/ - Third Party Advisory
References	~~(SUSE) http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00039.html -~~	(SUSE) http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00039.html - Mailing List, Third Party Advisory
References	~~(MLIST) https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html -~~	(MLIST) https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html - Mailing List, Third Party Advisory
References	~~(CONFIRM) https://security.netapp.com/advisory/ntap-20200313-0003/ -~~	(CONFIRM) https://security.netapp.com/advisory/ntap-20200313-0003/ - Third Party Advisory
References	~~(UBUNTU) https://usn.ubuntu.com/4345-1/ -~~	(UBUNTU) https://usn.ubuntu.com/4345-1/ - Third Party Advisory
References	~~(MLIST) https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html -~~	(MLIST) https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html - Mailing List, Third Party Advisory

04 Jan 2021, 23:15

Type	Values Removed	Values Added
References		(MISC) https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=2f9ac30a54dc0181ddac3705cdcf4775d863c530 -
Summary	An issue was discovered in the Linux kernel through 5.5.6. set_fdc in drivers/block/floppy.c leads to a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before assigning it, aka CID-2e90ca68b0d2.	An issue was discovered in the Linux kernel 3.16 through 5.5.6. set_fdc in drivers/block/floppy.c leads to a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before assigning it, aka CID-2e90ca68b0d2.

Information

Published : 2020-02-25 16:15

Updated : 2023-12-10 13:13

NVD link : CVE-2020-9383

Mitre link : CVE-2020-9383

CVE.ORG link : CVE-2020-9383

JSON object : View

Products Affected

netapp

h410c
cloud_backup
steelstore_cloud_integrated_storage
solidfire
data_availability_services
active_iq_unified_manager
hci_management_node
solidfire_baseboard_management_controller
solidfire_baseboard_management_controller_firmware
h410c_firmware

opensuse

leap

debian

debian_linux

linux

linux_kernel

canonical

ubuntu_linux

CWE

CWE-125

Out-of-bounds Read

7.1 /10

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

3.6 /10

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact PARTIAL

JSON object

Attach tags to CVE-2020-9383

7.1^/10

3.6^/10

Attach tags to `CVE-2020-9383`