exploitDog

CVE-2019-20636

Опубликовано: 08 апр. 2020

Источник: nvd

CVSS3: 6.7

CVSS2: 7.2

EPSS Низкий

Описание

In the Linux kernel before 5.4.12, drivers/input/input.c has out-of-bounds writes via a crafted keycode table, as demonstrated by input_set_keycode, aka CID-cb222aed03d7.

Ссылки

https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.12
Release Notes
Vendor Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cb222aed03d798fc074be55e59d9a112338ee784
Patch
Vendor Advisory
https://github.com/torvalds/linux/commit/cb222aed03d798fc074be55e59d9a112338ee784
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html
Mailing List
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html
Mailing List
Third Party Advisory
https://security.netapp.com/advisory/ntap-20200430-0004/
Third Party Advisory
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.12
Release Notes
Vendor Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cb222aed03d798fc074be55e59d9a112338ee784
Patch
Vendor Advisory
https://github.com/torvalds/linux/commit/cb222aed03d798fc074be55e59d9a112338ee784
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html
Mailing List
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html
Mailing List
Third Party Advisory
https://security.netapp.com/advisory/ntap-20200430-0004/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия до 3.16.83 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 3.17 (включая) до 4.4.210 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 4.5 (включая) до 4.9.210 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 4.10 (включая) до 4.14.165 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 4.15 (включая) до 4.19.96 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 4.20 (включая) до 5.4.12 (исключая)

Конфигурация 2

Одно из

cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:fas_8300:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:fas_8700:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:fas_a400:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:fas_baseboard_management_controller_a220:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:fas_baseboard_management_controller_a320:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:fas_baseboard_management_controller_a800:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:fas_baseboard_management_controller_c190:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h610c:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h615c:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*

EPSS

Процентиль: 32%

0.00117

Низкий

6.7 Medium

CVSS3

7.2 High

CVSS2

Дефекты

CWE-787

Связанные уязвимости

CVE-2019-20636

CVSS3: 6.7

ubuntu

около 5 лет назад

In the Linux kernel before 5.4.12, drivers/input/input.c has out-of-bounds writes via a crafted keycode table, as demonstrated by input_set_keycode, aka CID-cb222aed03d7.

CVE-2019-20636

CVSS3: 6.7

redhat

около 5 лет назад

In the Linux kernel before 5.4.12, drivers/input/input.c has out-of-bounds writes via a crafted keycode table, as demonstrated by input_set_keycode, aka CID-cb222aed03d7.

CVE-2019-20636

CVSS3: 6.7

debian

около 5 лет назад

In the Linux kernel before 5.4.12, drivers/input/input.c has out-of-bo ...

GHSA-rmm3-6hwr-c8q9

CVSS3: 6.7

github

около 3 лет назад

In the Linux kernel before 5.4.12, drivers/input/input.c has out-of-bounds writes via a crafted keycode table, as demonstrated by input_set_keycode, aka CID-cb222aed03d7.

BDU:2021-03056

CVSS3: 6.7

fstec

больше 5 лет назад

Уязвимость компонента drivers/input/input.c ядра операционной системы Linux, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

EPSS

Процентиль: 32%

0.00117

Низкий

6.7 Medium

CVSS3

7.2 High

CVSS2

Дефекты

CWE-787