PT-2019-1112 · Linux+4 · Linux Kernel+4

Published: 2019-12-13 · Updated: 2023-11-09 · CVE-2019-20636

CVSS v2.0: 7.2 (High)
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.4.12
Description: The issue is an out-of-bounds write in the Linux kernel, in the drivers/input/input.c file. It can be exploited to impact the confidentiality, integrity, and availability of protected information. The vulnerability can be triggered by a crafted keycode table, as demonstrated by the input_set_keycode function. It may lead to local escalation of privilege in the kernel without requiring additional execution privileges. User interaction is not necessary for exploitation.
Recommendations: For Linux kernel versions prior to 5.4.12, update to version 5.4.12 or later to resolve the issue. As a temporary workaround, consider restricting access to the input.c component until a patch is available. Avoid using the input_set_keycode function in the affected API endpoint until the issue is resolved.

Fix

Memory Corruption


Weakness Enumeration

Related Identifiers

ALSA-2020:4431
ALT-PU-2020-1046
ALT-PU-2020-1048
ALT-PU-2020-1067
ALT-PU-2020-1198
ALT-PU-2020-1421
ALT-PU-2020-1450
ALT-PU-2020-1501
ALT-PU-2020-1714
ALT-PU-2020-2410
ALT-PU-2020-2433
ALT-PU-2021-1870
ASB-A-153715664
BDU:2021-03056
CESA-2020_4060
CESA-2020_4431
CESA-2020_4609
CVE-2019-20636
DLA-2241-1
DLA-2241-2
RHSA-2020:2854
RHSA-2020:4060
RHSA-2020:4062
RHSA-2020:4431
RHSA-2020:4609
RHSA-2020:5430
RHSA-2020:5656
RHSA-2020_4060
RHSA-2020_4062
RHSA-2020_4431
RHSA-2020_4609
RHSA-2021:0019

Affected Products

Alt Linux
Almalinux
Centos
Linux Kernel
Red Hat