CVE-2020-13974

An issue was discovered in the Linux kernel 4.4 through 5.7.1. drivers/tty/vt/keyboard.c has an integer overflow if k_ascii is called several times in a row, aka CID-b86dab054059. NOTE: Members in the community argue that the integer overflow does not lead to a security issue in this case.

Published: Jun 9, 2020
Updated: Apr 13, 2023
CVE: CVE-2020-13974
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C

CWEs:

CWE-190

Affected Software
References

Software	From	Fixed in
linux / linux_kernel	-	4.4.227
linux / linux_kernel	4.5	4.9.227
linux / linux_kernel	4.10	4.14.184
linux / linux_kernel	4.15	4.19.128
linux / linux_kernel	4.20	5.4.46
linux / linux_kernel	5.5	5.6.18
linux / linux_kernel	5.7	5.7.2
debian / debian_linux	9.0	9.0.x
canonical / ubuntu_linux	18.04	18.04.x
canonical / ubuntu_linux	14.04	14.04.x
canonical / ubuntu_linux	20.04	20.04.x
canonical / ubuntu_linux	16.04	16.04.x

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html
https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=dad0bf9ce93fa40b667eccd3306783f4db4b932b
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b86dab054059b970111b5516ae548efaae5b3aae
https://lists.debian.org/debian-lts-announce/2020/08/msg00019.html
https://lkml.org/lkml/2020/3/22/482
https://usn.ubuntu.com/4427-1/
https://usn.ubuntu.com/4439-1/
https://usn.ubuntu.com/4440-1/
https://usn.ubuntu.com/4483-1/
https://usn.ubuntu.com/4485-1/
https://www.oracle.com/security-alerts/cpujul2022.html

Vulnerability Database

289,871

CVE-2020-13974