What is CVE-2019-20636?

CVE-2019-20636 is an out-of-bounds write vulnerability in the Linux kernel.

How does CVE-2019-20636 work?

CVE-2019-20636 allows a local user with root access to insert garbage to the keycode table and perform an out-of-bounds write, leading to potential memory access issues.

What is the severity of CVE-2019-20636?

CVE-2019-20636 has a severity score of 6.7, indicating a high severity.

Which versions of the Linux kernel are affected by CVE-2019-20636?

The Linux kernel versions before 5.4.12 are affected by CVE-2019-20636.

How can I fix CVE-2019-20636?

To fix CVE-2019-20636, update your Linux kernel to version 5.4.12 or higher.

Vulnerability/
CVE-2019-20636

high

7.2

CWE

787

4/4/2020

8/4/2020

5/8/2024

CVE-2019-20636

First published: Sat Apr 04 2020(Updated: )

In the Linux kernel before 5.4.12, drivers/input/input.c has out-of-bounds writes via a crafted keycode table, as demonstrated by input_set_keycode, aka CID-cb222aed03d7.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
redhat/kernel-rt	<0:3.10.0-1160.rt56.1131.el7	0:3.10.0-1160.rt56.1131.el7
redhat/kernel-alt	<0:4.14.0-115.26.1.el7a	0:4.14.0-115.26.1.el7a
redhat/kernel	<0:3.10.0-1160.el7	0:3.10.0-1160.el7
redhat/kernel	<0:3.10.0-693.81.1.el7	0:3.10.0-693.81.1.el7
redhat/kernel	<0:3.10.0-957.65.1.el7	0:3.10.0-957.65.1.el7
redhat/kernel	<0:3.10.0-1062.43.1.el7	0:3.10.0-1062.43.1.el7
redhat/kernel-rt	<0:4.18.0-240.rt7.54.el8	0:4.18.0-240.rt7.54.el8
redhat/kernel	<0:4.18.0-240.el8	0:4.18.0-240.el8
redhat/kernel	<5.4.12	5.4.12
Android
Linux Kernel	<3.16.83
Linux Kernel	>=3.17<4.4.210
Linux Kernel	>=4.5<4.9.210
Linux Kernel	>=4.10<4.14.165
Linux Kernel	>=4.15<4.19.96
Linux Kernel	>=4.20<5.4.12
NetApp Cloud Backup
NetApp SolidFire & HCI Storage Node
NetApp SteelStore Cloud Integrated Storage
NetApp FAS8300
NetApp FAS8700
NetApp FAS A400
NetApp FAS Baseboard Management Controller
NetApp FAS Baseboard Management Controller
NetApp FAS A800 Baseboard Management Controller Firmware
NetApp FAS Baseboard Management Controller
NetApp H300S Firmware
NetApp H410S Firmware
NetApp H500e Firmware
NetApp H610C Firmware
NetApp H610S Firmware
NetApp H615C
NetApp H700S
NetApp Baseboard Management Controller H300S
NetApp Baseboard Management Controller H410S
NetApp Baseboard Management Controller H500S
NetApp Baseboard Management Controller H610C Firmware
NetApp Baseboard Management Controller H610S Firmware
NetApp Baseboard Management Controller H615C Firmware
NetApp Baseboard Management Controller H700S

Remedy

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cb222aed03d798fc074be55e59d9a112338ee784

Remedy

https://github.com/torvalds/linux/commit/cb222aed03d798fc074be55e59d9a112338ee784

Remedy

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Frequently Asked Questions

What is CVE-2019-20636?
CVE-2019-20636 is an out-of-bounds write vulnerability in the Linux kernel.
How does CVE-2019-20636 work?
CVE-2019-20636 allows a local user with root access to insert garbage to the keycode table and perform an out-of-bounds write, leading to potential memory access issues.
What is the severity of CVE-2019-20636?
CVE-2019-20636 has a severity score of 6.7, indicating a high severity.
Which versions of the Linux kernel are affected by CVE-2019-20636?
The Linux kernel versions before 5.4.12 are affected by CVE-2019-20636.
How can I fix CVE-2019-20636?
To fix CVE-2019-20636, update your Linux kernel to version 5.4.12 or higher.

collector/redhat-cve
agent/type
agent/first-publish-date
agent/severity
agent/references
agent/remedy
agent/weakness
agent/description
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2019-20636
agent/software-canonical-lookup
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/event
agent/trending
agent/source
agent/author
collector/android-source
source/Android
agent/software-canonical-lookup-request
agent/tags
agent/softwarecombine
collector/nvd-api
collector/nvd-index
package-manager/redhat
vendor/google
canonical/android
vendor/linux
canonical/linux kernel
version/linux kernel/3.17
version/linux kernel/4.5
version/linux kernel/4.10
version/linux kernel/4.15
version/linux kernel/4.20
vendor/netapp
canonical/netapp cloud backup
canonical/netapp solidfire & hci storage node
canonical/netapp steelstore cloud integrated storage
canonical/netapp fas8300
canonical/netapp fas8700
canonical/netapp fas a400
canonical/netapp fas baseboard management controller
canonical/netapp fas a800 baseboard management controller firmware
canonical/netapp h300s firmware
canonical/netapp h410s firmware
canonical/netapp h500e firmware
canonical/netapp h610c firmware
canonical/netapp h610s firmware
canonical/netapp h615c
canonical/netapp h700s
canonical/netapp baseboard management controller h300s
canonical/netapp baseboard management controller h410s
canonical/netapp baseboard management controller h500s
canonical/netapp baseboard management controller h610c firmware
canonical/netapp baseboard management controller h610s firmware
canonical/netapp baseboard management controller h615c firmware
canonical/netapp baseboard management controller h700s

CVE-2019-20636

Remedy

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

Frequently Asked Questions

What is CVE-2019-20636?

How does CVE-2019-20636 work?

What is the severity of CVE-2019-20636?

Which versions of the Linux kernel are affected by CVE-2019-20636?

How can I fix CVE-2019-20636?

Company

Resources

Contact