CVE-2020-14331
MEDIUMLinux Kernel < 5.7.19 - Out-of-bounds Write via VT_RESIZE ioctl
Title source: llmDescription
A flaw was found in the Linux kernel’s implementation of the invert video code on VGA consoles when a local attacker attempts to resize the console, calling an ioctl VT_RESIZE, which causes an out-of-bounds write to occur. This flaw allows a local user with access to the VGA console to crash the system, potentially escalating their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
References (6)
Core 6
Core References
Exploit, Mailing List, Third Party Advisory x_refsource_misc
https://www.openwall.com/lists/oss-security/2020/07/28/2
Mailing List, Patch, Third Party Advisory x_refsource_misc
https://lists.openwall.net/linux-kernel/2020/07/29/234
Issue Tracking, Third Party Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=1858679
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html
Scores
CVSS v3
6.6
EPSS
0.0003
EPSS Percentile
9.7%
Attack Vector
PHYSICAL
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-787
Status
published
Products (4)
linux/linux_kernel
5.8.0 rc1 (6 CPE variants)
linux/linux_kernel
< 5.7.19
redhat/enterprise_linux
7.0
redhat/enterprise_linux
8.0
Published
Sep 15, 2020
Tracked Since
Feb 18, 2026