Vulnetix
Try Vulnetix Request Demo
CVE-2019-14283 PUBLISHED

In the Linux kernel before 5.2.3, set_geometry in drivers/block/floppy.c does not validate the sect and head fields, as demonstrated by an integer overflow and out-of-bounds read. It can be triggered by an unprivileged local user when a floppy disk has been inserted. NOTE: QEMU creates the floppy device by default.

EPSS 0.05% · 15.8th percentile

Risk Scores

EPSS Score
0.05%
15.8th percentile

Affected Products

VendorProductVersions
Ubuntu:16.04:LTSlinux-gcp4.15.0-1030.32~16.04.1, *, 4.13.0-1008.11
Ubuntu:16.04:LTSlinux-oracle4.15.0-1014.16~16.04.1, 4.15.0-1015.17~16.04.1, 4.15.0-1018.20~16.04.1
Ubuntu:Pro:FIPS:16.04:LTSlinux-fips4.4.0-1010.13, 4.4.0-1012.16, 4.4.0-1002.2
Ubuntu:18.04:LTSlinux-hwe4.18.0-22.23~18.04.1, 4.18.0-15.16~18.04.1, 5.0.0-25.26~18.04.1
Ubuntu:24.04:LTSlinux-raspi-realtime0, 6.8.0-2019.20
Ubuntu:Pro:FIPS-updates:18.04:LTSlinux-azure-fips4.15.0-1002.2, 0
Ubuntu:22.04:LTSlinux-intel-iot-realtime0, 5.15.0-1073.75
Ubuntu:18.04:LTSlinux-oem4.15.0-1002.3, 0, 4.15.0-1036.41
Ubuntu:18.04:LTSlinux-oem-osp15.0.0-1012.13, 5.0.0-1010.11, 0
Ubuntu:20.04:LTSlinux-azure-fde5.4.0-1083.87+cvm1.1, 5.4.0-1078.81+cvm1.1, 5.4.0-1076.79+cvm1.1
Ubuntu:18.04:LTSlinux-aws4.15.0-1006.6, 0, 4.15.0-1029.30
Ubuntu:18.04:LTSlinux-hwe-edge5.0.0-20.21~18.04.1, *, 0
Ubuntu:18.04:LTSlinux-gcp4.15.0-1005.5, 4.15.0-1027.28, 4.15.0-1028.29
Ubuntu:16.04:LTSlinux-aws-hwe4.15.0-1043.45~16.04.1, 4.15.0-1040.42~16.04.1, 4.15.0-1036.38~16.04.1
Ubuntu:Pro:14.04:LTSlinux3.13.0-34.60, 0, 3.11.0-12.19
Ubuntu:18.04:LTSlinux-raspi24.15.0-1029.31, 4.15.0-1013.14, 4.15.0-1018.19
Ubuntu:Pro:FIPS:18.04:LTSlinux-aws-fips4.15.0-2000.4, 0
Ubuntu:20.04:LTSlinux-riscv5.4.0-28.32, 5.4.0-27.31, 5.4.0-40.45
Ubuntu:16.04:LTSlinux4.4.0-63.84, 4.4.0-64.85, 4.4.0-159.187
Ubuntu:Pro:14.04:LTSlinux-azure4.15.0-1042.46~14.04.1, 4.15.0-1041.45~14.04.1, 4.15.0-1040.44~14.04.1

…and 21 more

Timeline

References

Open in Interactive Console →