A flaw was found in the Linux kernel’s implementation of the invert video code on VGA consoles when a local attacker attempts to resize the console both calling ioctl VT_RESIZE. An out-of-bounds write can occur. A local user with access to the VGA console could use this flaw to crash the system, potentially escalating their privileges on the system.
Mitigation: Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Statement: This flaw is rated as a having Moderate impact, because only local user with access to VGA console can trigger it (for example if booting with param "nomodeset").
Acknowledgments: Name: Yunhai Zhang (NSFOCUS Security Team)
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1861348]
References: https://www.openwall.com/lists/oss-security/2020/07/28/2 https://lists.openwall.net/linux-kernel/2020/07/29/234
This was fixed for Fedora with the 5.7.15 stable kernel updates.
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:4286 https://access.redhat.com/errata/RHSA-2020:4286
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:4289 https://access.redhat.com/errata/RHSA-2020:4289
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-14331
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:5023 https://access.redhat.com/errata/RHSA-2020:5023
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:5026 https://access.redhat.com/errata/RHSA-2020:5026