CVE-2021-20261Race Condition in Kernel

CWE-362Race Condition7 documents6 sources
Severity
6.4MEDIUMNVD
OSV5.5
EPSS
0.0%
top 90.50%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Linux KernelDebian LinuxRedhat Enterprise Linux
Timeline
PublishedMar 11
Latest updateMay 24

Description

A race condition was found in the Linux kernels implementation of the floppy disk drive controller driver software. The impact of this issue is lessened by the fact that the default permissions on the floppy device (/dev/fd0) are restricted to root. If the permissions on the device have changed the impact changes greatly. In the default configuration root (or equivalent) permissions are required to attack this flaw.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.5 | Impact: 5.9

Affected Packages5 packages

debiandebian/linux< linux 4.5.1-1 (bookworm)
NVDlinux/linux_kernel< 4.5+1
Debianlinux/linux_kernel< 4.5.1-1+3
Ubuntulinux/linux_kernel< 4.4.0-208.240
CVEListV5linux/linux_kernelkernel 5.12-rc2

Also affects: Enterprise Linux 7.0

Patches

Patch: bugzilla.redhat.comPatch: git.kernel.orgPatch: bugzilla.redhat.com

🔴Vulnerability Details

3
GHSA
GHSA-8p2q-8rc4-vfp4: A race condition was found in the Linux kernels implementation of the floppy disk drive controller driver software2022-05-24
OSV
linux, linux-aws, linux-kvm, linux-lts-xenial, linux-raspi2, linux-snapdragon vulnerabilities2021-04-13
OSV
CVE-2021-20261: A race condition was found in the Linux kernels implementation of the floppy disk drive controller driver software2021-03-11

📋Vendor Advisories

3
Ubuntu
Linux kernel vulnerabilities2021-04-13
Red Hat
kernel: panic on multiple access to floppy device2021-03-11
Debian
CVE-2021-20261: linux - A race condition was found in the Linux kernels implementation of the floppy dis...2021
CVE-2021-20261 — Race Condition in Linux Kernel | cvebase