CVE-2019-20636
kernel: out-of-bounds write via crafted keycode table
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In the Linux kernel before 5.4.12, drivers/input/input.c has out-of-bounds writes via a crafted keycode table, as demonstrated by input_set_keycode, aka CID-cb222aed03d7.
En el kernel de Linux versiones anteriores a 5.4.12, el archivo drivers/input/input.c presenta escrituras fuera de límites por medio de una tabla de códigos clave diseñada, como es demostrado en la función input_set_keycode, también se conoce como CID-cb222aed03d7.
An out-of-bounds write flaw was found in the Linux kernel. A crafted keycode table could be used by drivers/input/input.c to perform the out-of-bounds write. A local user with root access can insert garbage to this keycode table that can lead to out-of-bounds memory access. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-04-08 CVE Reserved
- 2020-04-08 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-787: Out-of-bounds Write
CAPEC
References (8)
URL | Tag | Source |
---|---|---|
https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html | Mailing List | |
https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html | Mailing List | |
https://security.netapp.com/advisory/ntap-20200430-0004 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.12 | 2023-11-09 | |
https://access.redhat.com/security/cve/CVE-2019-20636 | 2021-01-05 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1824059 | 2021-01-05 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | < 3.16.83 Search vendor "Linux" for product "Linux Kernel" and version " < 3.16.83" | - |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.17 < 4.4.210 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.17 < 4.4.210" | - |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.5 < 4.9.210 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.5 < 4.9.210" | - |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.10 < 4.14.165 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.10 < 4.14.165" | - |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.15 < 4.19.96 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.15 < 4.19.96" | - |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.20 < 5.4.12 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.20 < 5.4.12" | - |
Affected
| ||||||
Netapp Search vendor "Netapp" | Cloud Backup Search vendor "Netapp" for product "Cloud Backup" | - | - |
Affected
| ||||||
Netapp Search vendor "Netapp" | Solidfire Search vendor "Netapp" for product "Solidfire" | - | - |
Affected
| ||||||
Netapp Search vendor "Netapp" | Steelstore Cloud Integrated Storage Search vendor "Netapp" for product "Steelstore Cloud Integrated Storage" | - | - |
Affected
| ||||||
Netapp Search vendor "Netapp" | Fas 8300 Search vendor "Netapp" for product "Fas 8300" | - | - |
Affected
| ||||||
Netapp Search vendor "Netapp" | Fas 8700 Search vendor "Netapp" for product "Fas 8700" | - | - |
Affected
| ||||||
Netapp Search vendor "Netapp" | Fas A400 Search vendor "Netapp" for product "Fas A400" | - | - |
Affected
| ||||||
Netapp Search vendor "Netapp" | Fas Baseboard Management Controller A220 Search vendor "Netapp" for product "Fas Baseboard Management Controller A220" | - | - |
Affected
| ||||||
Netapp Search vendor "Netapp" | Fas Baseboard Management Controller A320 Search vendor "Netapp" for product "Fas Baseboard Management Controller A320" | - | - |
Affected
| ||||||
Netapp Search vendor "Netapp" | Fas Baseboard Management Controller A800 Search vendor "Netapp" for product "Fas Baseboard Management Controller A800" | - | - |
Affected
| ||||||
Netapp Search vendor "Netapp" | Fas Baseboard Management Controller C190 Search vendor "Netapp" for product "Fas Baseboard Management Controller C190" | - | - |
Affected
| ||||||
Netapp Search vendor "Netapp" | H300s Search vendor "Netapp" for product "H300s" | - | - |
Affected
| ||||||
Netapp Search vendor "Netapp" | H410s Search vendor "Netapp" for product "H410s" | - | - |
Affected
| ||||||
Netapp Search vendor "Netapp" | H500s Search vendor "Netapp" for product "H500s" | - | - |
Affected
| ||||||
Netapp Search vendor "Netapp" | H610c Search vendor "Netapp" for product "H610c" | - | - |
Affected
| ||||||
Netapp Search vendor "Netapp" | H610s Search vendor "Netapp" for product "H610s" | - | - |
Affected
| ||||||
Netapp Search vendor "Netapp" | H615c Search vendor "Netapp" for product "H615c" | - | - |
Affected
| ||||||
Netapp Search vendor "Netapp" | H700s Search vendor "Netapp" for product "H700s" | - | - |
Affected
|