An out-of-bounds (OOB) memory access flaw was found in set_fdc in drivers/block/floppy.c in the floppy driver module. This could allow a local attacker to crash the system or leak kernel internal information. Reference and upstream commit: https://github.com/torvalds/linux/commit/2e90ca68b0d2f5548804f22f0dd61145516171e3
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1810687]
This was fixed for Fedora with the 5.5.7 stable kernel updates.
Mitigation: Mitigation for this issue is to skip loading the affected floppy driver module onto the system till we have a fix available. This can be done by a blacklist mechanism, which will ensure the driver is not loaded at boot time.
How do I blacklist a kernel module to prevent it from loading automatically? https://access.redhat.com/solutions/41278
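One way to audit the mitigation described above, as an added example that is not part of the original comment or the linked Red Hat solution: the function reports whether the floppy module is already loaded, blocked by an `install` override, merely blacklisted, or unprotected. The function name `floppy_status` and its two path arguments are assumptions introduced here so the check can also run against constructed files.

```shell
# Added example: audit whether the floppy driver module is kept from loading.
# floppy_status [MODPROBE_DIR] [PROC_MODULES]   (hypothetical helper name)
# Prints one of: loaded | blocked | blacklist-only | unprotected
floppy_status() {
    fs_dir="${1:-/etc/modprobe.d}"
    fs_proc="${2:-/proc/modules}"
    fs_blacklisted=0
    fs_install=0

    # A module already in the kernel is unaffected by modprobe.d entries;
    # it stays loaded until it is removed or the system reboots.
    if [ -r "$fs_proc" ] && grep -qE '^floppy[[:space:]]' "$fs_proc"; then
        echo loaded
        return 0
    fi

    for fs_f in "$fs_dir"/*.conf; do
        [ -r "$fs_f" ] || continue
        # "blacklist floppy" only stops alias-based automatic loading.
        if grep -qE '^[[:space:]]*blacklist[[:space:]]+floppy[[:space:]]*$' "$fs_f"; then
            fs_blacklisted=1
        fi
        # "install floppy /bin/false" (or /bin/true) also defeats an
        # explicit "modprobe floppy" and loading as a dependency.
        if grep -qE '^[[:space:]]*install[[:space:]]+floppy[[:space:]]+(/usr)?/bin/(false|true)[[:space:]]*$' "$fs_f"; then
            fs_install=1
        fi
    done

    if [ "$fs_install" -eq 1 ]; then
        echo blocked
    elif [ "$fs_blacklisted" -eq 1 ]; then
        echo blacklist-only
    else
        echo unprotected
    fi
}
```

A result of `blacklist-only` means the driver will not autoload at boot but can still be loaded on request; neither modprobe.d directive applies when the driver is built into the kernel image.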
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:2104 https://access.redhat.com/errata/RHSA-2020:2104
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-9383
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:4062 https://access.redhat.com/errata/RHSA-2020:4062
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:4060 https://access.redhat.com/errata/RHSA-2020:4060