First published: Sat Apr 04 2020
In the Linux kernel before 5.4.12, drivers/input/input.c has out-of-bounds writes via a crafted keycode table, as demonstrated by input_set_keycode, aka CID-cb222aed03d7.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/kernel-rt | <0:3.10.0-1160.rt56.1131.el7 | 0:3.10.0-1160.rt56.1131.el7 |
redhat/kernel-alt | <0:4.14.0-115.26.1.el7a | 0:4.14.0-115.26.1.el7a |
redhat/kernel | <0:3.10.0-1160.el7 | 0:3.10.0-1160.el7 |
redhat/kernel | <0:3.10.0-693.81.1.el7 | 0:3.10.0-693.81.1.el7 |
redhat/kernel | <0:3.10.0-957.65.1.el7 | 0:3.10.0-957.65.1.el7 |
redhat/kernel | <0:3.10.0-1062.43.1.el7 | 0:3.10.0-1062.43.1.el7 |
redhat/kernel-rt | <0:4.18.0-240.rt7.54.el8 | 0:4.18.0-240.rt7.54.el8 |
redhat/kernel | <0:4.18.0-240.el8 | 0:4.18.0-240.el8 |
Google Android | | |
redhat/kernel | <5.4.12 | 5.4.12 |
Linux Linux kernel | <3.16.83 | |
Linux Linux kernel | >=3.17 <4.4.210 | |
Linux Linux kernel | >=4.5 <4.9.210 | |
Linux Linux kernel | >=4.10 <4.14.165 | |
Linux Linux kernel | >=4.15 <4.19.96 | |
Linux Linux kernel | >=4.20 <5.4.12 | |
Netapp Cloud Backup | | |
Netapp Solidfire | | |
Netapp Steelstore Cloud Integrated Storage | | |
Netapp Baseboard Management Controller H300s | | |
Netapp Baseboard Management Controller H410s | | |
Netapp Baseboard Management Controller H500s | | |
Netapp Baseboard Management Controller H610c | | |
Netapp Baseboard Management Controller H610s | | |
Netapp Baseboard Management Controller H615c | | |
Netapp Baseboard Management Controller H700s | | |
Netapp Fas 8300 | | |
Netapp Fas 8700 | | |
Netapp Fas A400 | | |
Netapp Fas Baseboard Management Controller A220 | | |
Netapp Fas Baseboard Management Controller A320 | | |
Netapp Fas Baseboard Management Controller A800 | | |
Netapp Fas Baseboard Management Controller C190 | | |
Netapp H300s | | |
Netapp H410s | | |
Netapp H500s | | |
Netapp H610c | | |
Netapp H610s | | |
Netapp H615c | | |
Netapp H700s | | |
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
CVE-2019-20636 is an out-of-bounds write vulnerability in the Linux kernel.
CVE-2019-20636 allows a local user with root access to insert garbage into the keycode table and perform an out-of-bounds write, leading to potential memory access issues.
CVE-2019-20636 has a severity score of 6.7, indicating high severity.
Linux kernel versions before 5.4.12 are affected by CVE-2019-20636.
To fix CVE-2019-20636, update your Linux kernel to version 5.4.12 or higher.