CVE-2020-13974

high
Description

An issue was discovered in the Linux kernel 4.4 through 5.7.1. drivers/tty/vt/keyboard.c has an integer overflow if k_ascii is called several times in a row, aka CID-b86dab054059. NOTE: Members in the community argue that the integer overflow does not lead to a security issue in this case.

References

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html

http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html

https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=dad0bf9ce93fa40b667eccd3306783f4db4b932b

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b86dab054059b970111b5516ae548efaae5b3aae

https://lists.debian.org/debian-lts-announce/2020/08/msg00019.html

https://lkml.org/lkml/2020/3/22/482

https://usn.ubuntu.com/4427-1/

https://usn.ubuntu.com/4439-1/

https://usn.ubuntu.com/4440-1/

https://usn.ubuntu.com/4483-1/

https://usn.ubuntu.com/4485-1/

Details

Source: MITRE

Published: 2020-06-09

Updated: 2021-01-04

Type: CWE-190

Risk Information

CVSS v2

Base Score: 7.2

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 3.9

Severity: HIGH

CVSS v3

Base Score: 7.8

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 1.8

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions up to 5.7.1 (inclusive)

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 150665 | SUSE SLES11 Security Update : kernel (SUSE-SU-2020:14442-1) | Nessus | SuSE Local Security Checks | high |
| 146282 | openSUSE Security Update : RT kernel (openSUSE-2021-242) | Nessus | SuSE Local Security Checks | high |
| 144831 | EulerOS Virtualization 3.0.2.6 : kernel (EulerOS-SA-2021-1056) | Nessus | Huawei Local Security Checks | critical |
| 142576 | EulerOS Virtualization 3.0.6.6 : kernel (EulerOS-SA-2020-2443) | Nessus | Huawei Local Security Checks | high |
| 142240 | EulerOS 2.0 SP2 : kernel (EulerOS-SA-2020-2353) | Nessus | Huawei Local Security Checks | high |
| 140917 | EulerOS 2.0 SP3 : kernel (EulerOS-SA-2020-2150) | Nessus | Huawei Local Security Checks | medium |
| 140378 | SUSE SLES15 Security Update : kernel (SUSE-SU-2020:2487-1) | Nessus | SuSE Local Security Checks | medium |
| 140328 | EulerOS Virtualization for ARM 64 3.0.2.0 : kernel (EulerOS-SA-2020-1958) | Nessus | Huawei Local Security Checks | high |
| 140183 | Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-4485-1) | Nessus | Ubuntu Local Security Checks | high |
| 140181 | Ubuntu 18.04 LTS / 20.04 : Linux kernel vulnerabilities (USN-4483-1) | Nessus | Ubuntu Local Security Checks | high |
| 140159 | EulerOS 2.0 SP5 : kernel (EulerOS-SA-2020-1938) | Nessus | Huawei Local Security Checks | high |
| 139995 | EulerOS Virtualization for ARM 64 3.0.6.0 : kernel (EulerOS-SA-2020-1892) | Nessus | Huawei Local Security Checks | high |
| 139551 | Debian DLA-2323-1 : linux-4.19 new package | Nessus | Debian Local Security Checks | critical |
| 139408 | SUSE SLES12 Security Update : kernel (SUSE-SU-2020:2152-1) | Nessus | SuSE Local Security Checks | high |
| 139401 | openSUSE Security Update : the Linux Kernel (openSUSE-2020-1153) | Nessus | SuSE Local Security Checks | critical |
| 139364 | SUSE SLES12 Security Update : kernel (SUSE-SU-2020:2134-1) | Nessus | SuSE Local Security Checks | high |
| 139362 | SUSE SLES12 Security Update : kernel (SUSE-SU-2020:2121-1) | Nessus | SuSE Local Security Checks | critical |
| 139310 | SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2020:2107-1) | Nessus | SuSE Local Security Checks | critical |
| 139309 | SUSE SLES15 Security Update : kernel (SUSE-SU-2020:2106-1) | Nessus | SuSE Local Security Checks | critical |
| 139308 | SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2020:2105-1) | Nessus | SuSE Local Security Checks | medium |
| 139137 | EulerOS 2.0 SP8 : kernel (EulerOS-SA-2020-1807) | Nessus | Huawei Local Security Checks | high |
| 139028 | Ubuntu 18.04 LTS : linux kernel vulnerabilities (USN-4440-1) | Nessus | Ubuntu Local Security Checks | medium |
| 139027 | Ubuntu 18.04 LTS : Linux kernel vulnerabilities (USN-4439-1) | Nessus | Ubuntu Local Security Checks | medium |
| 138836 | Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-4427-1) | Nessus | Ubuntu Local Security Checks | high |
| 138727 | openSUSE Security Update : the Linux Kernel (openSUSE-2020-935) | Nessus | SuSE Local Security Checks | high |
| 138284 | SUSE SLES12 Security Update : kernel (SUSE-SU-2020:1699-1) | Nessus | SuSE Local Security Checks | high |
| 138283 | SUSE SLES12 Security Update : kernel (SUSE-SU-2020:1693-1) | Nessus | SuSE Local Security Checks | high |
| 138190 | Photon OS 2.0: Linux PHSA-2020-2.0-0256 | Nessus | PhotonOS Local Security Checks | high |
| 138181 | Photon OS 3.0: Linux PHSA-2020-3.0-0108 | Nessus | PhotonOS Local Security Checks | high |
| 137781 | Photon OS 1.0: Linux PHSA-2020-1.0-0303 | Nessus | PhotonOS Local Security Checks | high |