CVE-2020-0431
First published: Thu Sep 17 2020(Updated: )
A flaw out of bounds write in the Linux kernel human interface devices subsystem was found in the way user calls find key code by index. A local user could use this flaw to crash the system or escalate privileges on the system.
Credit: security@android.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/kernel-rt | <0:4.18.0-305.rt7.72.el8 | 0:4.18.0-305.rt7.72.el8 |
| redhat/kernel | <0:4.18.0-305.el8 | 0:4.18.0-305.el8 |
| Android | ||
| SUSE Linux | =15.1 | |
| SUSE Linux | =15.2 |
Remedy
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00021.html
- https://source.android.com/security/bulletin/pixel/2020-09-01
- https://android.googlesource.com/kernel/common/+/cb0a3edf8d00
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1919890
- https://patchwork.kernel.org/project/linux-input/patch/20191207210518.GA181006@dtor-ws/
- https://access.redhat.com/errata/RHSA-2021:1578
- https://access.redhat.com/errata/RHSA-2021:1739
- https://access.redhat.com/security/cve/cve-2020-0431
- https://bugzilla.redhat.com/show_bug.cgi?id=1919889
- https://www.cve.org/CVERecord?id=CVE-2020-0431 https://nvd.nist.gov/vuln/detail/CVE-2020-0431 https://patchwork.kernel.org/project/linux-input/patch/20191207210518.GA181006@dtor-ws/
Frequently Asked Questions
What is the severity of CVE-2020-0431?
CVE-2020-0431 is considered a high severity vulnerability that could lead to system crashes or privilege escalation.
How do I fix CVE-2020-0431?
To address CVE-2020-0431, ensure that your system is updated to kernel version 4.18.0-305.rt7.72.el8 or 4.18.0-305.el8.
Who is affected by CVE-2020-0431?
CVE-2020-0431 affects systems running specific versions of the Linux kernel, including those from Red Hat and openSUSE.
What kind of systems are vulnerable to CVE-2020-0431?
Vulnerable systems include certain versions of the Linux kernel used in Red Hat, openSUSE, and Google Android.
Can CVE-2020-0431 be exploited remotely?
CVE-2020-0431 requires local access to the system for exploitation, making it less likely to be exploited remotely.
- collector/redhat-cve
- agent/type
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2020-0431
- agent/references
- agent/remedy
- agent/severity
- agent/weakness
- agent/author
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/trending
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- package-manager/redhat
- vendor/google
- canonical/android
- vendor/opensuse
- canonical/suse linux
- version/suse linux/15.1
- version/suse linux/15.2