PT-2020-2914 · Linux+8 · Linux Kernel+8

Published: 2020-03-22 · Updated: 2023-02-24 · CVE-2020-13974

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Linux kernel versions 4.4 through 5.7.1

Description: An issue in the Linux kernel is caused by an integer overflow in drivers/tty/vt/keyboard.c. The overflow occurs when the k_ascii function is called several times in a row. Exploitation of this issue may allow an attacker to execute arbitrary code.

Recommendations: For Linux kernel versions 4.4 through 5.7.1, consider applying a patch or updating to a version where this issue is fixed, as the integer overflow in the k_ascii function could potentially be exploited. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Integer Overflow

Weakness Enumeration

Related Identifiers

ALSA-2022:1988
ALT-PU-2020-2168
ALT-PU-2020-2169
ALT-PU-2020-2209
ALT-PU-2020-2234
ALT-PU-2020-2240
ALT-PU-2020-2368
ALT-PU-2020-2409
ALT-PU-2020-2410
ALT-PU-2020-2432
ALT-PU-2020-2433
ALT-PU-2020-2687
ALT-PU-2020-3454
ALT-PU-2021-1840
BDU:2020-03071
CESA-2022_1975
CESA-2022_1988
CVE-2020-13974
DLA-2323-1
OPENSUSE-SU-2020:0935-1
OPENSUSE-SU-2020:1153-1
OPENSUSE-SU-2020_0935-1
OPENSUSE-SU-2020_1153-1
OPENSUSE-SU-2021:0242-1
OPENSUSE-SU-2021_0242-1
RHSA-2022:1975
RHSA-2022:1988
RHSA-2022_1975
RHSA-2022_1988
RLSA-2022:1975
RLSA-2022:1988
SUSE-SU-2020:14442-1
SUSE-SU-2020:1693-1
SUSE-SU-2020:1699-1
SUSE-SU-2020:2027-1
SUSE-SU-2020:2103-1
SUSE-SU-2020:2105-1
SUSE-SU-2020:2106-1
SUSE-SU-2020:2107-1
SUSE-SU-2020:2121-1
SUSE-SU-2020:2134-1
SUSE-SU-2020:2152-1
SUSE-SU-2020:2156-1
SUSE-SU-2020:2478-1
SUSE-SU-2020:2487-1
USN-4427-1
USN-4439-1
USN-4440-1
USN-4483-1
USN-4485-1

Affected Products

ALT Linux
AlmaLinux
CentOS
Linux Mint
Linux Kernel
Red Hat
Rocky Linux
SUSE
Ubuntu