CVE-2020-13974: Integer Overflow
First published: Sun Mar 22 2020(Updated: )
A flaw integer overflow in the Linux kernel's virtual terminal keyboard driver was found in the way the user sends some specific keyboard code multiple times. A local user could use this flaw to crash the system or possibly escalate their privileges on the system.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/kernel-rt | <0:4.18.0-372.9.1.rt7.166.el8 | 0:4.18.0-372.9.1.rt7.166.el8 |
| redhat/kernel | <0:4.18.0-372.9.1.el8 | 0:4.18.0-372.9.1.el8 |
| redhat/kernel | <5.8 | 5.8 |
| Linux Kernel | <4.4.227 | |
| Linux Kernel | >=4.5<4.9.227 | |
| Linux Kernel | >=4.10<4.14.184 | |
| Linux Kernel | >=4.15<4.19.128 | |
| Linux Kernel | >=4.20<5.4.46 | |
| Linux Kernel | >=5.5<5.6.18 | |
| Linux Kernel | >=5.7<5.7.2 | |
| Debian GNU/Linux | =9.0 | |
| Ubuntu Linux | =14.04 | |
| Ubuntu Linux | =16.04 | |
| Ubuntu Linux | =18.04 | |
| Ubuntu Linux | =20.04 | |
| Linux kernel | <4.4.227 | |
| Linux kernel | >=4.5<4.9.227 | |
| Linux kernel | >=4.10<4.14.184 | |
| Linux kernel | >=4.15<4.19.128 | |
| Linux kernel | >=4.20<5.4.46 | |
| Linux kernel | >=5.5<5.6.18 | |
| Linux kernel | >=5.7<5.7.2 | |
| Debian | =9.0 | |
| debian/linux | 5.10.223-1 5.10.234-1 6.1.123-1 6.1.128-1 6.12.12-1 6.12.16-1 |
Remedy
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cve.org/CVERecord?id=CVE-2020-13974 https://nvd.nist.gov/vuln/detail/CVE-2020-13974 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b86dab054059b970111b5516ae548efaae5b3aae
- https://bugzilla.redhat.com/show_bug.cgi?id=2016169
- https://access.redhat.com/errata/RHSA-2022:1975
- https://access.redhat.com/errata/RHSA-2022:1988
- https://access.redhat.com/security/cve/cve-2020-13974
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html
- http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html
- https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=dad0bf9ce93fa40b667eccd3306783f4db4b932b
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b86dab054059b970111b5516ae548efaae5b3aae
- https://lists.debian.org/debian-lts-announce/2020/08/msg00019.html
- https://lkml.org/lkml/2020/3/22/482
- https://usn.ubuntu.com/4427-1/
- https://usn.ubuntu.com/4439-1/
- https://usn.ubuntu.com/4440-1/
- https://usn.ubuntu.com/4483-1/
- https://usn.ubuntu.com/4485-1/
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://launchpad.net/bugs/cve/CVE-2020-13974
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2016170
- https://git.kernel.org/linus/b86dab054059b970111b5516ae548efaae5b3aae
- https://security-tracker.debian.org/tracker/CVE-2020-13974
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13974
- https://nvd.nist.gov/vuln/detail/CVE-2020-13974
- https://ubuntu.com/security/CVE-2020-13974
Frequently Asked Questions
What is the severity of CVE-2020-13974?
CVE-2020-13974 has a high severity rating due to its potential to crash the system or escalate user privileges.
How do I fix CVE-2020-13974?
To fix CVE-2020-13974, upgrade to the latest version of the Linux kernel or the specific patched versions provided by your distribution.
Which systems are affected by CVE-2020-13974?
CVE-2020-13974 affects various versions of the Linux kernel, including those from Red Hat, Debian, and Ubuntu.
Who can exploit CVE-2020-13974?
CVE-2020-13974 can be exploited by local users who can send specific keyboard codes multiple times.
When was CVE-2020-13974 disclosed?
CVE-2020-13974 was disclosed in July 2020.
- collector/redhat-cve
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2020-13974
- agent/software-canonical-lookup
- agent/severity
- agent/weakness
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/references
- agent/trending
- agent/last-modified-date
- agent/source
- agent/author
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup-request
- collector/usn-cve
- source/Ubuntu
- agent/description
- agent/tags
- agent/event
- collector/nvd-index
- agent/softwarecombine
- collector/security-tracker-debian
- source/Debian
- package-manager/redhat
- vendor/linux
- canonical/linux kernel
- version/linux kernel/4.5
- version/linux kernel/4.10
- version/linux kernel/4.15
- version/linux kernel/4.20
- version/linux kernel/5.5
- version/linux kernel/5.7
- vendor/debian
- canonical/debian gnu/linux
- version/debian gnu/linux/9.0
- vendor/canonical
- canonical/ubuntu linux
- version/ubuntu linux/14.04
- version/ubuntu linux/16.04
- version/ubuntu linux/18.04
- version/ubuntu linux/20.04
- canonical/debian
- version/debian/9.0
- package-manager/debian