Bug 1919889 (CVE-2020-0431)
Summary: | CVE-2020-0431 kernel: possible out of bounds write in kbd_keycode of keyboard.c | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Dhananjay Arunesh <darunesh> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | acaringi, adscvr, airlied, alciregi, bhu, blc, bmasney, brdeoliv, bskeggs, chwhite, dhoward, dramseur, dvlasenk, fhrbata, hdegoede, hkrzesin, itamar, jarodwilson, jeremy, jforbes, jglisse, jhunter, jlelli, jonathan, josef, jshortt, jstancek, jwboyer, kcarcia, kernel-maint, kernel-mgr, kmitts, lgoncalv, linville, masami256, mchehab, mgala, mjudeiki, mlangsdo, nmurray, ptalbert, qzhao, rvrbovsk, steved, walters, williams |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: |
A flaw out of bounds write in the Linux kernel human interface devices subsystem was found in the way user calls find key code by index. A local user could use this flaw to crash the system or escalate privileges on the system.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2021-05-18 20:38:12 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1885560, 1919890, 1921124, 1921125, 1925128 | ||
Bug Blocks: | 1919793 |
Description
Dhananjay Arunesh
2021-01-25 11:26:48 UTC
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1919890] This was fixed for Fedora with the 5.5 kernel rebases. Statement: This flaw is rated as having a Moderate impact because in the default configuration, the issue can only be triggered by a privileged local user. External References: https://patchwork.kernel.org/project/linux-input/patch/20191207210518.GA181006@dtor-ws/ Mitigation: Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability. This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:1578 https://access.redhat.com/errata/RHSA-2021:1578 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:1739 https://access.redhat.com/errata/RHSA-2021:1739 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-0431 |