Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-20261

A race condition was found in the Linux kernels implementation of the floppy disk drive controller driver software. The impact of this issue is lessened by the fact that the default permissions on the floppy device (/dev/fd0) are restricted to root. If the permissions on the device have changed the impact changes greatly. In the default configuration root (or equivalent) permissions are required to attack this flaw.

Published

2021-03-11T21:15:11.983

Last Modified

2024-11-21T05:46:13.980

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.4 (MEDIUM)

CVSSv2 Vector

AV:L/AC:M/Au:N/C:P/I:P/A:P

Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

3.4

Impact Score

6.4

Weaknesses

Type: Primary
CWE-362

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	linux	linux_kernel	< 4.5	Yes
Operating System	linux	linux_kernel	4.5	Yes
Operating System	linux	linux_kernel	4.5	Yes
Operating System	linux	linux_kernel	4.5	Yes
Operating System	linux	linux_kernel	4.5	Yes
Operating System	linux	linux_kernel	4.5	Yes
Operating System	redhat	enterprise_linux	7.0	Yes

References

https://bugzilla.redhat.com/show_bug.cgi?id=1932150 Issue Tracking, Patch, Third Party Advisory ([email protected])
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a0c80efe5956ccce9fe7ae5c78542578c07bc20a Mailing List, Patch, Vendor Advisory ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=1932150 Issue Tracking, Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a0c80efe5956ccce9fe7ae5c78542578c07bc20a Mailing List, Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)