CVE-2020-14331

CVSS v3.1 6.6 (Medium)

CVSS v2.0 7.2 (High)

EPSS 0.04 % (5^th)

Affected Products 2

Advisories 55

A flaw was found in the Linux kernel’s implementation of the invert video code on VGA consoles when a local attacker attempts to resize the console, calling an ioctl VT_RESIZE, which causes an out-of-bounds write to occur. This flaw allows a local user with access to the VGA console to crash the system, potentially escalating their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Weaknesses

CWE-787: Out-of-bounds Write

CVE Status: PUBLISHED
CNA: Red Hat, Inc.
Published Date: 2020-09-15 19:15:12
(4 years ago)
Updated Date: 2023-02-12 23:40:06
(19 months ago)

Affected Products

Linux

Linux Kernel

Redhat

Enterprise Linux

Configuration #1

	CPE23	Up To
Linux Kernel 5.7.19 and prior versions	cpe:2.3:o:linux:linux_kernel	<= 5.7.19
Linux Kernel 5.8.0 Rc1	cpe:2.3:o:linux:linux_kernel:5.8.0:rc1
Linux Kernel 5.8.0 Rc2	cpe:2.3:o:linux:linux_kernel:5.8.0:rc2
Linux Kernel 5.8.0 Rc3	cpe:2.3:o:linux:linux_kernel:5.8.0:rc3
Linux Kernel 5.8.0 Rc4	cpe:2.3:o:linux:linux_kernel:5.8.0:rc4
Linux Kernel 5.8.0 Rc5	cpe:2.3:o:linux:linux_kernel:5.8.0:rc5
Linux Kernel 5.8.0 Rc6	cpe:2.3:o:linux:linux_kernel:5.8.0:rc6

Configuration #2

		CPE23	From	Up To
	Redhat Enterprise Linux 7.0	cpe:2.3:o:redhat:enterprise_linux:7.0
	Redhat Enterprise Linux 8.0	cpe:2.3:o:redhat:enterprise_linux:8.0