In kbd_keycode of keyboard.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-144161459 References: https://android.googlesource.com/kernel/common/+/cb0a3edf8d00 https://source.android.com/security/bulletin/pixel/2020-09-01
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1919890]
This was fixed for Fedora with the 5.5 kernel rebases.
Statement: This flaw is rated as having a Moderate impact because in the default configuration, the issue can only be triggered by a privileged local user.
External References: https://patchwork.kernel.org/project/linux-input/patch/20191207210518.GA181006@dtor-ws/
Mitigation: Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:1578 https://access.redhat.com/errata/RHSA-2021:1578
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:1739 https://access.redhat.com/errata/RHSA-2021:1739
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-0431