CVE-2020-13974

HIGH

Linux Kernel 4.4-5.7.1 - Integer Overflow in VT Keyboard Driver

Title source: llm
STIX 2.1

Description

An issue was discovered in the Linux kernel 4.4 through 5.7.1. drivers/tty/vt/keyboard.c has an integer overflow if k_ascii is called several times in a row, aka CID-b86dab054059. NOTE: Members in the community argue that the integer overflow does not lead to a security issue in this case.

References (12)

Core 12
Core References
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/4427-1/
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/4439-1/
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/4440-1/
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2020/08/msg00019.html
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/4483-1/
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/4485-1/
Third Party Advisory x_refsource_misc
https://www.oracle.com/security-alerts/cpujul2022.html
Exploit, Vendor Advisory x_refsource_misc
https://lkml.org/lkml/2020/3/22/482

Scores

CVSS v3 7.8
EPSS 0.0009
EPSS Percentile 26.0%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-190
Status published
Products (6)
canonical/ubuntu_linux 14.04
canonical/ubuntu_linux 16.04
canonical/ubuntu_linux 18.04
canonical/ubuntu_linux 20.04
debian/debian_linux 9.0
linux/linux_kernel < 4.4.227
Published Jun 09, 2020
Tracked Since Feb 18, 2026