CVE-2020-14390

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

A flaw was found in the Linux kernel in versions before 5.9-rc6. When changing screen size, an out-of-bounds memory write can occur leading to memory corruption or a denial of service. Due to the nature of the flaw, privilege escalation cannot be fully ruled out.

References

http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00001.html

http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00021.html

https://bugzilla.redhat.com/show_bug.cgi?id=1876788

https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html

https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html

Details

Source: MITRE

Published: 2020-09-18

Updated: 2020-11-02

Type: CWE-787

Risk Information

CVSS v2

Base Score: 4.6

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 3.9

Severity: MEDIUM

CVSS v3

Base Score: 5.6

Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H

Impact Score: 4.7

Exploitability Score: 0.8

Severity: MEDIUM

Tenable Plugins

View all (28 total)

IDNameProductFamilySeverity
150536SUSE SLES11 Security Update : kernel (SUSE-SU-2021:14630-1)NessusSuSE Local Security Checks
high
148494Ubuntu 20.04 LTS : Linux kernel (OEM) vulnerabilities (USN-4912-1)NessusUbuntu Local Security Checks
high
147512EulerOS Virtualization 2.9.1 : kernel (EulerOS-SA-2021-1604)NessusHuawei Local Security Checks
high
146282openSUSE Security Update : RT kernel (openSUSE-2021-242)NessusSuSE Local Security Checks
high
144731EulerOS Virtualization for ARM 64 3.0.2.0 : kernel (EulerOS-SA-2021-1039)NessusHuawei Local Security Checks
high
143875SUSE SLES15 Security Update : kernel (SUSE-SU-2020:3532-1)NessusSuSE Local Security Checks
high
143857SUSE SLES12 Security Update : kernel (SUSE-SU-2020:3544-1)NessusSuSE Local Security Checks
high
143801SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2020:2905-1)NessusSuSE Local Security Checks
high
143784SUSE SLES15 Security Update : kernel (SUSE-SU-2020:3014-1)NessusSuSE Local Security Checks
high
143708SUSE SLES12 Security Update : kernel (SUSE-SU-2020:2904-1)NessusSuSE Local Security Checks
high
143699SUSE SLES12 Security Update : kernel (SUSE-SU-2020:2907-1)NessusSuSE Local Security Checks
high
143671SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2020:2879-1)NessusSuSE Local Security Checks
medium
143654SUSE SLES12 Security Update : kernel (SUSE-SU-2020:3501-1)NessusSuSE Local Security Checks
high
143639SUSE SLES12 Security Update : kernel (SUSE-SU-2020:3503-1)NessusSuSE Local Security Checks
high
143445Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-4660-1)NessusUbuntu Local Security Checks
high
143433Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-4657-1)NessusUbuntu Local Security Checks
high
143431Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-4658-1)NessusUbuntu Local Security Checks
high
142176Debian DLA-2420-2 : linux regression updateNessusDebian Local Security Checks
high
141973Amazon Linux 2 : kernel (ALAS-2020-1520)NessusAmazon Linux Local Security Checks
high
141961Amazon Linux AMI : kernel (ALAS-2020-1437)NessusAmazon Linux Local Security Checks
high
141789Slackware 14.2 : Slackware 14.2 kernel (SSA:2020-295-01)NessusSlackware Local Security Checks
high
141445Photon OS 2.0: Linux PHSA-2020-2.0-0288NessusPhotonOS Local Security Checks
high
141388openSUSE Security Update : the Linux Kernel (openSUSE-2020-1655)NessusSuSE Local Security Checks
high
141161openSUSE Security Update : the Linux Kernel (openSUSE-2020-1586)NessusSuSE Local Security Checks
medium
141094Photon OS 3.0: Linux PHSA-2020-3.0-0145NessusPhotonOS Local Security Checks
high
141091Photon OS 1.0: Linux PHSA-2020-1.0-0329NessusPhotonOS Local Security Checks
high
140959EulerOS Virtualization for ARM 64 3.0.6.0 : kernel (EulerOS-SA-2020-2011)NessusHuawei Local Security Checks
medium
140933Debian DLA-2385-1 : linux-4.19 security updateNessusDebian Local Security Checks
high