7.2 | CWE-787

CVE-2019-20636

First published: Sat Apr 04 2020

In the Linux kernel before 5.4.12, drivers/input/input.c has out-of-bounds writes via a crafted keycode table, as demonstrated by input_set_keycode, aka CID-cb222aed03d7.

Credit: cve@mitre.org

| Affected Software | Affected Version | How to fix |
| --- | --- | --- |
| redhat/kernel-rt | <0:3.10.0-1160.rt56.1131.el7 | 0:3.10.0-1160.rt56.1131.el7 |
| redhat/kernel-alt | <0:4.14.0-115.26.1.el7a | 0:4.14.0-115.26.1.el7a |
| redhat/kernel | <0:3.10.0-1160.el7 | 0:3.10.0-1160.el7 |
| redhat/kernel | <0:3.10.0-693.81.1.el7 | 0:3.10.0-693.81.1.el7 |
| redhat/kernel | <0:3.10.0-957.65.1.el7 | 0:3.10.0-957.65.1.el7 |
| redhat/kernel | <0:3.10.0-1062.43.1.el7 | 0:3.10.0-1062.43.1.el7 |
| redhat/kernel-rt | <0:4.18.0-240.rt7.54.el8 | 0:4.18.0-240.rt7.54.el8 |
| redhat/kernel | <0:4.18.0-240.el8 | 0:4.18.0-240.el8 |
| Google Android | | |
| redhat/kernel | <5.4.12 | 5.4.12 |
| Linux Linux kernel | <3.16.83 | |
| Linux Linux kernel | >=3.17 <4.4.210 | |
| Linux Linux kernel | >=4.5 <4.9.210 | |
| Linux Linux kernel | >=4.10 <4.14.165 | |
| Linux Linux kernel | >=4.15 <4.19.96 | |
| Linux Linux kernel | >=4.20 <5.4.12 | |
| Netapp Cloud Backup | | |
| Netapp Solidfire | | |
| Netapp Steelstore Cloud Integrated Storage | | |
| Netapp Baseboard Management Controller H300s | | |
| Netapp Baseboard Management Controller H410s | | |
| Netapp Baseboard Management Controller H500s | | |
| Netapp Baseboard Management Controller H610c | | |
| Netapp Baseboard Management Controller H610s | | |
| Netapp Baseboard Management Controller H615c | | |
| Netapp Baseboard Management Controller H700s | | |
| Netapp Fas 8300 | | |
| Netapp Fas 8700 | | |
| Netapp Fas A400 | | |
| Netapp Fas Baseboard Management Controller A220 | | |
| Netapp Fas Baseboard Management Controller A320 | | |
| Netapp Fas Baseboard Management Controller A800 | | |
| Netapp Fas Baseboard Management Controller C190 | | |
| Netapp H300s | | |
| Netapp H410s | | |
| Netapp H500s | | |
| Netapp H610c | | |
| Netapp H610s | | |
| Netapp H615c | | |
| Netapp H700s | | |

Remedy

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.


Frequently Asked Questions

  • What is CVE-2019-20636?

    CVE-2019-20636 is an out-of-bounds write vulnerability in the Linux kernel.

  • How does CVE-2019-20636 work?

    CVE-2019-20636 allows a local user with root access to insert garbage into the keycode table and perform an out-of-bounds write, leading to potential memory access issues.

  • What is the severity of CVE-2019-20636?

    CVE-2019-20636 has a severity score of 6.7, indicating a high severity.

  • Which versions of the Linux kernel are affected by CVE-2019-20636?

    Linux kernel versions before 5.4.12 are affected by CVE-2019-20636.

  • How can I fix CVE-2019-20636?

    To fix CVE-2019-20636, update your Linux kernel to version 5.4.12 or higher.
