CVE-2019-20636

moderate-risk
Published 2020-04-08

In the Linux kernel before 5.4.12, drivers/input/input.c has out-of-bounds writes via a crafted keycode table, as demonstrated by input_set_keycode, aka CID-cb222aed03d7.

Do I need to act?

-
0.11% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.7/10 Medium
LOCAL / LOW complexity

Affected Products (18)

Fas 8300
Fas 8700
Fas A400
Fas Baseboard Management Controller A220
Fas Baseboard Management Controller A320
Fas Baseboard Management Controller A800
Fas Baseboard Management Controller C190
H610C
H610S
H615C

Affected Vendors

Linux Netapp

References (12)

Release Notes https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.12
Patch https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cb...
Patch https://github.com/torvalds/linux/commit/cb222aed03d798fc074be55e59d9a112338ee78...
Mailing List https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html
Mailing List https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html
Third Party Advisory https://security.netapp.com/advisory/ntap-20200430-0004/
Release Notes https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.12
Patch https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cb...
Patch https://github.com/torvalds/linux/commit/cb222aed03d798fc074be55e59d9a112338ee78...
Mailing List https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html
Mailing List https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html
Third Party Advisory https://security.netapp.com/advisory/ntap-20200430-0004/
40
/ 100
moderate-risk
Severity 21/34 · High
Exploitability 0/34 · Minimal
Exposure 19/34 · Moderate