CVE number – CVE-2019-14284
A vulnerability in the Linux Kernel could allow a local attacker to cause a denial of service (DoS) condition on a targeted system. The vulnerability is due to a divide-by-zero condition in the drivers/block/floppy.c source code file of the affected software.
An attacker could exploit this vulnerability by inserting a floppy disk that submits malicious input to the targeted system. A successful exploit could cause the targeted system to crash, resulting in a DoS condition.
Kernel.org has confirmed the vulnerability and released software updates.
- To exploit this vulnerability, the attacker must have user-level access and be able to insert a floppy disk into the targeted system. This access requirement may reduce the likelihood of a successful exploit.
Safeguards for Administrators
- Apply the appropriate updates.
- Allow only trusted users to access local systems.
- Allow only privileged users to access administration or management systems.
- Monitor critical systems.
- Kernel.org has released a git commit at the following link: commit f3554aeb991214cbfafd17d55e2bfddb50282e32
- Kernel.org has released a software patch at the following link: floppy: fix div-by-zero in setup_format_params
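
A divide-by-zero of this kind is closed by validating the divisor that is actually used, not only the raw input fields it is derived from. The C example below is added here for illustration and is not the kernel's code or the patch referenced above; the struct, the function names and the size-code encoding are assumptions, and the sample values are constructed.

```c
#include <stdio.h>

/* Hypothetical, simplified geometry record; not the kernel's structure. */
struct geom {
    unsigned int sect;      /* sectors per track, as supplied by the caller */
    unsigned int head;      /* number of heads */
    unsigned int size_code; /* sector size code, 0..7 (assumed encoding) */
};

/* Divisor used later: derived from two fields, then truncated to 8 bits. */
static unsigned char sect_per_track(const struct geom *g)
{
    return (unsigned char)((g->sect << 2) >> (g->size_code & 7));
}

/* Returns 1 only if the raw fields AND the derived divisor are non-zero. */
int geom_valid(const struct geom *g)
{
    if ((int)g->sect <= 0 || (int)g->head <= 0)
        return 0;
    if ((int)(g->sect * g->head) <= 0)
        return 0;
    /* sect can be non-zero while the shifted, truncated divisor is zero */
    return sect_per_track(g) != 0;
}

/* Returns the starting sector offset, or -1 if the geometry is rejected. */
int format_start_sector(const struct geom *g, unsigned int track,
                        unsigned int head_no, unsigned int skew)
{
    if (!geom_valid(g))
        return -1;          /* fail closed instead of dividing */
    return (int)((skew * track + head_no) % sect_per_track(g));
}

int main(void)
{
    struct geom ok  = { 18, 2, 2 };  /* constructed sample: divisor is 18 */
    struct geom bad = { 1, 2, 7 };   /* constructed sample: divisor is 0 */

    printf("ok  -> %d\n", format_start_sector(&ok, 3, 1, 5));
    printf("bad -> %d\n", format_start_sector(&bad, 3, 1, 5));
    return 0;
}
```

The point for reviewers is that the check sits where the geometry is accepted, so every later use of the divisor inherits it.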