A vulnerability was found in the Linux kernel’s floppy disk driver implementation. A local attacker with access to the floppy device could call set_geometry in drivers/block/floppy.c, which does not validate the sect and head fields, causing an integer overflow and out-of-bounds read. This flaw may crash the system or leak information that helps an attacker in subsequent attacks.
The kernel module named 'floppy' contains the affected code. It can be blacklisted using the standard blacklisting techniques, or the floppy controller can be disabled in the system's BIOS. See <https://access.redhat.com/solutions/41278> for how to blacklist a kernel module.
On virtualized guests, the floppy device can also be removed from the guest's configuration to ensure that the module does not load.
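To audit the blacklisting mitigation described above, the following script (an added example, not part of the original advisory or the linked Red Hat solution) reports whether a modprobe.d-style directory keeps the floppy module from loading. The function names and status words are this example's own; the sample files are constructed.

```shell
#!/bin/sh
# Added example: audit whether the 'floppy' kernel module is kept from loading.
# Directory and file are parameters so copies of a host's config can be checked.

# 0 if a *.conf file in directory $1 contains a "blacklist floppy" line.
has_blacklist() {
    grep -Eqs '^[[:space:]]*blacklist[[:space:]]+floppy[[:space:]]*(#.*)?$' "$1"/*.conf
}

# 0 if directory $1 replaces the load command with /bin/false or /bin/true.
has_install_override() {
    grep -Eqs '^[[:space:]]*install[[:space:]]+floppy[[:space:]]+/(usr/)?bin/(false|true)([[:space:]]|$)' "$1"/*.conf
}

# 0 if the module list in file $1 (format of /proc/modules) shows floppy loaded.
is_loaded() {
    grep -Eqs '^floppy[[:space:]]' "$1"
}

# Print one verdict for directory $1 (default /etc/modprobe.d):
#   blocked        an install override stops explicit and automatic loading
#   autoload-only  only "blacklist" is set; "modprobe floppy" still loads it
#   unblocked      neither directive is present
floppy_status() {
    dir=${1:-/etc/modprobe.d}
    if has_install_override "$dir"; then
        echo blocked
    elif has_blacklist "$dir"; then
        echo autoload-only
    else
        echo unblocked
    fi
}

# Demonstration on constructed files in a temporary directory.
demo=$(mktemp -d)
printf 'blacklist floppy\n' > "$demo/floppy.conf"
echo "blacklist line only:  $(floppy_status "$demo")"
printf 'install floppy /bin/false\n' >> "$demo/floppy.conf"
echo "with install override: $(floppy_status "$demo")"
rm -rf "$demo"
```

On a live host, `floppy_status /etc/modprobe.d` and `is_loaded /proc/modules` give the configured and current state; a module that is already loaded stays loaded until it is removed or the system reboots.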
bugzilla.redhat.com/show_bug.cgi?id=1734243
cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.3
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=da99466ac243f15fbba65bd261bfc75ffa1532b6
github.com/torvalds/linux/commit/da99466ac243f15fbba65bd261bfc75ffa1532b6
nvd.nist.gov/vuln/detail/CVE-2019-14283
www.cve.org/CVERecord?id=CVE-2019-14283