Part of the Linux 5.3 kernel changes to add additional protection for ioctl calls associated with the floppy driver, and the driver itself is marked as left unmaintained
("orphaned"), which implies the termination of its testing.
The driver is considered obsolete because it is difficult to find working hardware to test it - all current external drives, as a rule, use the USB interface. At the same time, the removal of the driver from the kernel is hindered by the fact that floppy disk controllers are still emulated in virtualization systems. Therefore, the driver is still stored in the kernel, but its correct operation is not guaranteed.
Also, in the floppy driver () that allows, through ioctl manipulation, an unprivileged user who has the ability to insert his floppy disk, to read data from memory areas outside the boundaries of the copy buffer (for example, adjacent areas may contain residual data from the disk cache and input buffer). On the one hand, the vulnerability remains relevant since the floppy driver is automatically loaded if there is an appropriate emulated controller in virtualization systems (for example, it is used by default in QEMU), but on the other hand, to exploit the problem, it is necessary that the floppy disk image prepared by the attacker be connected.
Source: opennet.ru