CVE-2020-14390
Advisory lineage Upstream: 0 Downstream: 25
Modified
Published: 18 Sept 2020, 17:42
Last modified:04 Aug 2024, 12:46
Vulnerability Summary
Overall Risk (default)
low
22/100 CVSS Score
5.6 MEDIUM
v3.1 (nvd)
EPSS Score
0.16% LOW
0% probability 0.00%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
18 Sept 2020, 17:42
Published
Vulnerability first disclosed
04 Aug 2024, 12:46
Last Modified
Vulnerability information updated
Description
A flaw was found in the Linux kernel in versions before 5.9-rc6. When changing screen size, an out-of-bounds memory write can occur leading to memory corruption or a denial of service. Due to the nature of the flaw, privilege escalation cannot be fully ruled out.
CVSS Metrics
- v3.1•MEDIUM•Score: 5.6CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H
- v2.0•MEDIUM•Score: 4.6AV:L/AC:L/Au:N/C:P/I:P/A:P
EPSS Trends
Current EPSS score: 0.16%• Percentile: 37%
Techniques & Countermeasures
- CWE-787•Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.
Affected Systems
- debian•debian_linux
9.0
- linux•linux_kernel
≥ 2.2.3, < 5.9.0 | 5.9.0 | 5.9.0:rc1 | 5.9.0:rc2 | 5.9.0:rc3 | 5.9.0:rc4 | 5.9.0:rc5
References (5)
- https://bugzilla.redhat.com/show_bug.cgi?id=1876788
- http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00021.html
- https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html
- https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html