CVE-2020-0465: Input Validation
First published: Mon Dec 07 2020(Updated: )
A flaw was found in the Linux kernel’s multi-touch input system. An out-of-bounds write triggered by a use-after-free issue could lead to memory corruption or possible privilege escalation. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Credit: security@android.com security@android.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/kernel-rt | <0:3.10.0-1160.59.1.rt56.1200.el7 | 0:3.10.0-1160.59.1.rt56.1200.el7 |
| redhat/kernel | <0:3.10.0-1160.59.1.el7 | 0:3.10.0-1160.59.1.el7 |
| Google Android | ||
| IBM BM Security Guardium | <=11.3 | |
| IBM Security Guardium | <=11.4 | |
| IBM Security Guardium | <=11.5 | |
| Google Android | ||
| debian/linux | 5.10.223-1 5.10.226-1 6.1.115-1 6.1.112-1 6.11.5-1 6.11.7-1 |
Remedy
As the multitouch module will be auto-loaded when required, its use can be disabled by preventing the module from loading with the following instructions: # echo "install hid-multitouch /bin/true" >> /etc/modprobe.d/disable-hid-multitouch.conf The system may need to be restarted if the hid-multitouch module is loaded. In most circumstances, a kernel modules will be unable to be unloaded while in use. If the system requires this module to work correctly, this mitigation may not be suitable. If you need further assistance, see KCS article https://access.redhat.com/solutions/41278 or contact Red Hat Global Support Services.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cve.org/CVERecord?id=CVE-2020-0465 https://nvd.nist.gov/vuln/detail/CVE-2020-0465
- https://bugzilla.redhat.com/show_bug.cgi?id=1920471
- https://access.redhat.com/errata/RHSA-2022:0622
- https://access.redhat.com/errata/RHSA-2022:0620
- https://access.redhat.com/security/cve/cve-2020-0465
- https://source.android.com/security/bulletin/2020-12-01
- https://launchpad.net/bugs/cve/CVE-2020-0465
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=35556bed836f8dc07ac55f69c8d17dce3e7f0e25
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1920472
- https://access.redhat.com/solutions/41278
- https://exchange.xforce.ibmcloud.com/vulnerabilities/193398
- https://www.ibm.com/support/pages/node/6999317 (Advisory)
- https://android.googlesource.com/kernel/common/+/35556bed836f
- https://android.googlesource.com/kernel/common/+/bce1305c0ece
- https://source.android.com/docs/security/bulletin/2020-12-01 (Advisory)
- https://git.kernel.org/linus/35556bed836f8dc07ac55f69c8d17dce3e7f0e25
- https://git.kernel.org/linus/bce1305c0ece3dc549663605e567655dd701752c
- https://security-tracker.debian.org/tracker/CVE-2020-0465
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0465
- https://nvd.nist.gov/vuln/detail/CVE-2020-0465
- https://ubuntu.com/security/CVE-2020-0465
- collector/redhat-cve
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2020-0465
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/author
- agent/remedy
- agent/severity
- agent/weakness
- agent/description
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- agent/references
- collector/ibm-support
- source/IBM
- collector/mitre-cve
- source/MITRE
- agent/event
- agent/tags
- collector/android-source
- source/Android
- agent/last-modified-date
- collector/security-tracker-debian
- source/Debian
- agent/softwarecombine
- collector/usn-cve
- source/Ubuntu
- package-manager/redhat
- vendor/google
- canonical/google android
- vendor/ibm
- canonical/ibm bm security guardium
- version/ibm bm security guardium/11.3
- canonical/ibm security guardium
- version/ibm security guardium/11.4
- version/ibm security guardium/11.5
- package-manager/debian