CVE-2020-13974

Sažetak

An issue was discovered in the Linux kernel 4.4 through 5.7.1. drivers/tty/vt/keyboard.c has an integer overflow if k_ascii is called several times in a row, aka CID-b86dab054059. NOTE: Members in the community argue that the integer overflow does not lead to a security issue in this case.

Reference

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b86dab054059b970111b5516ae548efaae5b3aae
https://lkml.org/lkml/2020/3/22/482
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html
https://usn.ubuntu.com/4427-1/
https://usn.ubuntu.com/4439-1/
https://usn.ubuntu.com/4440-1/
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html
https://lists.debian.org/debian-lts-announce/2020/08/msg00019.html
https://usn.ubuntu.com/4483-1/
https://usn.ubuntu.com/4485-1/
https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=dad0bf9ce93fa40b667eccd3306783f4db4b932b
https://www.oracle.com/security-alerts/cpujul2022.html

CVSS

Base:	7.2
Impact:	10.0
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:L/AC:L/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

24-02-2023 - 18:42

Objavljeno

09-06-2020 - 05:15