#VU25813 Out-of-bounds read in Linux kernel

Published: 2020-03-08

Vulnerability identifier: #VU25813

Vulnerability risk: Low


CVE-ID: CVE-2020-9383


Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation


The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the set_fdc() function in drivers/block/floppy.c file in Linux kernel due to the FDC index is not checked for errors before assigning it. A local user can use a specially crafted application to trigger out-of-bounds read error and read contents of memory on the system.

Install updates from vendor's website.

Vulnerable software versions

Linux kernel: 5.5 - 5.5.6


External links

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

Latest bulletins with this vulnerability