Linux Kernel could allow a local authenticated attacker to obtain sensitive information, caused by incorrect permissions on vmcore-dmesg.txt file in kexec-tools. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain kernel internal information, and use this information to launch further attacks against the affected system.
Linux Kernel is vulnerable to a denial of service, caused by a race condition in the implementation of the floppy disk drive controller driver software. By sending multiple threads to open(“/dev/fdX”), a local attacker could exploit this vulnerability to cause system to crash.
Refer to Linux advisory for the complete list of affected products and their respective patches.