Linux Kernel drivers/block/floppy.c Denial of Service Vulnerability [CVE-2019-14284]
CVE number – CVE-2019-14284
A vulnerability in the Linux Kernel could allow a local attacker to cause a denial of service (DoS) condition on a targeted system. The vulnerability is due to a divide-by-zero condition in the drivers/block/floppy.c source code file of the affected software.
An attacker could exploit this vulnerability by inserting a floppy disk that submits malicious input to the targeted system. A successful exploit could cause the targeted system to crash, resulting in a DoS condition.
Kernel.org has confirmed the vulnerability and released software updates.
Analysis
- To exploit this vulnerability, the attacker must have user-level access and be able to insert a floppy disk into the targeted system. This access requirement may reduce the likelihood of a successful exploit.
Safeguards for Administrators
- Apply the appropriate updates.
- Allow only trusted users to access local systems.
- Allow only privileged users to access administration or management systems.
- Monitor critical systems.
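An exposure check to go with the safeguards above, as an added example (not from Kernel.org or the original advisory): it reports whether the floppy driver is loaded, built in, installed, or prevented from loading on a host. The module name `floppy`, the default paths and the `floppy_exposure` function name are assumptions of this example, and it reads only one modprobe configuration directory.

```shell
#!/bin/sh
# Added example: report how reachable the floppy driver is on a host.
# Paths are parameters so the logic can be run against constructed fixtures.
# Usage: floppy_exposure [MODULES_FILE] [KERNEL_MODULE_DIR] [MODPROBE_DIR]
# Prints: loaded | builtin | absent | blocked | blacklisted | loadable
floppy_exposure() {
    modules_file=${1:-/proc/modules}
    kmod_dir=${2:-/lib/modules/$(uname -r)}
    modprobe_dir=${3:-/etc/modprobe.d}   # assumption: only this directory is read

    # /proc/modules: one loaded module per line, name in the first field.
    if grep -qs '^floppy ' "$modules_file"; then
        echo loaded; return 0
    fi
    # modules.builtin lists drivers compiled into the kernel image.
    if grep -qs '/floppy\.ko' "$kmod_dir/modules.builtin"; then
        echo builtin; return 0
    fi
    # modules.dep lists every module file installed for this kernel;
    # only conclude "absent" when the index itself can be read.
    if [ -r "$kmod_dir/modules.dep" ] &&
        ! grep -q '/floppy\.ko' "$kmod_dir/modules.dep"; then
        echo absent; return 0
    fi
    # An "install" override replaces every modprobe of the module with a no-op.
    if cat "$modprobe_dir"/*.conf 2>/dev/null |
        grep -Eq '^[[:space:]]*install[[:space:]]+floppy[[:space:]]+/bin/(false|true)'; then
        echo blocked; return 0
    fi
    # "blacklist" only disables alias-based autoloading; modprobe still works.
    if cat "$modprobe_dir"/*.conf 2>/dev/null |
        grep -Eq '^[[:space:]]*blacklist[[:space:]]+floppy[[:space:]]*$'; then
        echo blacklisted; return 0
    fi
    echo loadable
}

# Run against the live system (or against the paths given as arguments).
floppy_exposure "$@"
```

The script does not test whether the running kernel contains the fix; on hosts reporting `loaded` or `builtin`, confirm the update has been applied.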
Vendor Announcements
- Kernel.org has released a git commit at the following link: commit f3554aeb991214cbfafd17d55e2bfddb50282e32
Fixed Software
- Kernel.org has released a software patch at the following link: floppy: fix div-by-zero in setup_format_params
I am one of the editors here at www.systemtek.co.uk. I am a UK-based technology professional with an interest in computer security and telecoms.