CVE-2019-20636 — MEDIUM (6.7)

Q: What is CVE-2019-20636?

CVE-2019-20636 is a vulnerability with a CVSS score of 6.7 (MEDIUM). In the Linux kernel before 5.4.12, drivers/input/input.c has out-of-bounds writes via a crafted keycode table, as demonstrated by input_set_keycode, aka CID-cb222aed03d7.

Q: How severe is CVE-2019-20636?

CVE-2019-20636 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2019-20636?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Netapp Cloud Backup, Netapp Solidfire, Netapp Steelstore Cloud Integrated Storage, Netapp Fas 8300.

Vulnerability Description

In the Linux kernel before 5.4.12, drivers/input/input.c has out-of-bounds writes via a crafted keycode table, as demonstrated by input_set_keycode, aka CID-cb222aed03d7.

CVSS Score

6.7

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Linux	Linux Kernel	< 3.16.83
Netapp	Cloud Backup	-
Netapp	Solidfire	-
Netapp	Steelstore Cloud Integrated Storage	-
Netapp	Fas 8300	-
Netapp	Fas 8700	-
Netapp	Fas A400	-
Netapp	Fas Baseboard Management Controller A220	-
Netapp	Fas Baseboard Management Controller A320	-
Netapp	Fas Baseboard Management Controller A800	-
Netapp	Fas Baseboard Management Controller C190	-
Netapp	H300S	-
Netapp	H410S	-
Netapp	H500S	-
Netapp	H610C	-
Netapp	H610S	-
Netapp	H615C	-
Netapp	H700S	-

Related Weaknesses (CWE)

CWE-787

References

https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.12Release NotesVendor Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cbPatchVendor Advisory
https://github.com/torvalds/linux/commit/cb222aed03d798fc074be55e59d9a112338ee78PatchThird Party Advisory
https://lists.debian.org/debian-lts-announce/2020/06/msg00011.htmlMailing ListThird Party Advisory
https://lists.debian.org/debian-lts-announce/2020/06/msg00013.htmlMailing ListThird Party Advisory
https://security.netapp.com/advisory/ntap-20200430-0004/Third Party Advisory
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.12Release NotesVendor Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cbPatchVendor Advisory
https://github.com/torvalds/linux/commit/cb222aed03d798fc074be55e59d9a112338ee78PatchThird Party Advisory
https://lists.debian.org/debian-lts-announce/2020/06/msg00011.htmlMailing ListThird Party Advisory
https://lists.debian.org/debian-lts-announce/2020/06/msg00013.htmlMailing ListThird Party Advisory
https://security.netapp.com/advisory/ntap-20200430-0004/Third Party Advisory

FAQ

What is CVE-2019-20636?

CVE-2019-20636 is a vulnerability with a CVSS score of 6.7 (MEDIUM). In the Linux kernel before 5.4.12, drivers/input/input.c has out-of-bounds writes via a crafted keycode table, as demonstrated by input_set_keycode, aka CID-cb222aed03d7.

How severe is CVE-2019-20636?

CVE-2019-20636 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-20636?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Netapp Cloud Backup, Netapp Solidfire, Netapp Steelstore Cloud Integrated Storage, Netapp Fas 8300.