Security Bulletin
This security bulletin contains one low risk vulnerability.
EUVDB-ID: #VU30312
Risk: Low
CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-20636
CWE-ID: CWE-787 - Out-of-bounds write
Exploit availability: No
Description
The vulnerability allows a local privileged user to execute arbitrary code.
In the Linux kernel before 5.4.12, drivers/input/input.c has out-of-bounds writes via a crafted keycode table, as demonstrated by input_set_keycode, aka CID-cb222aed03d7.
Mitigation
Install updates from the vendor's repository.
Vulnerable software versions
openEuler: 20.03 LTS
bpftool-debuginfo: before 4.19.90-2004.1.0.0037
bpftool: before 4.19.90-2004.1.0.0037
python3-perf-debuginfo: before 4.19.90-2004.1.0.0037
python3-perf: before 4.19.90-2004.1.0.0037
python2-perf-debuginfo: before 4.19.90-2004.1.0.0037
python2-perf: before 4.19.90-2004.1.0.0037
perf-debuginfo: before 4.19.90-2004.1.0.0037
perf: before 4.19.90-2004.1.0.0037
kernel-tools-devel: before 4.19.90-2004.1.0.0037
kernel-tools-debuginfo: before 4.19.90-2004.1.0.0037
kernel-tools: before 4.19.90-2004.1.0.0037
kernel-source: before 4.19.90-2004.1.0.0037
kernel-devel: before 4.19.90-2004.1.0.0037
kernel-debugsource: before 4.19.90-2004.1.0.0037
kernel-debuginfo: before 4.19.90-2004.1.0.0037
kernel: before 4.19.90-2004.1.0.0037
External links
http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2020-1001
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.