CVE-2019-20636

In the Linux kernel before 5.4.12, drivers/input/input.c has out-of-bounds writes via a crafted keycode table, as demonstrated by input_set_keycode, aka CID-cb222aed03d7.

CVSS v3.0 6.7 MEDIUM
CVSS v2.0 7.2 HIGH

6.7^/10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.2^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cb222aed03d798fc074be55e59d9a112338ee784	Patch Vendor Advisory
https://github.com/torvalds/linux/commit/cb222aed03d798fc074be55e59d9a112338ee784	Patch Third Party Advisory
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.12	Release Notes Vendor Advisory
https://security.netapp.com/advisory/ntap-20200430-0004/	Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html	Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html	Mailing List Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

Configuration 2 (hide)

OR	cpe:2.3:a:netapp:cloud_backup:-:::::::*
	cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:::::::*
	cpe:2.3:a:netapp:solidfire:-:::::::*
	cpe:2.3:h:netapp:h610s:-:::::::*
	cpe:2.3:h:netapp:h300s:-:::::::*
	cpe:2.3:h:netapp:h500s:-:::::::*
	cpe:2.3:h:netapp:h700s:-:::::::*
	cpe:2.3:h:netapp:h410s:-:::::::*
	cpe:2.3:h:netapp:fas_8300:-:::::::*
	cpe:2.3:h:netapp:fas_8700:-:::::::*
	cpe:2.3:h:netapp:h610c:-:::::::*
	cpe:2.3:h:netapp:h615c:-:::::::*
	cpe:2.3:h:netapp:fas_baseboard_management_controller_a320:-:::::::*
	cpe:2.3:h:netapp:fas_baseboard_management_controller_c190:-:::::::*
	cpe:2.3:h:netapp:fas_baseboard_management_controller_a220:-:::::::*
	cpe:2.3:h:netapp:fas_baseboard_management_controller_a800:-:::::::*
	cpe:2.3:h:netapp:fas_a400:-:::::::*

History

09 Nov 2023, 13:57

Type	Values Removed	Values Added
CPE	cpe:2.3:h:netapp:baseboard_management_controller_h610s:-:::::::* cpe:2.3:h:netapp:baseboard_management_controller_h500s:-:::::::* cpe:2.3:h:netapp:baseboard_management_controller_h610c:-:::::::* cpe:2.3:h:netapp:baseboard_management_controller_h700s:-:::::::* cpe:2.3:h:netapp:baseboard_management_controller_h615c:-:::::::* cpe:2.3:h:netapp:baseboard_management_controller_h300s:-:::::::* cpe:2.3:h:netapp:baseboard_management_controller_h410s:-:::::::*	cpe:2.3:h:netapp:h615c:-:::::::* cpe:2.3:h:netapp:h300s:-:::::::* cpe:2.3:h:netapp:h410s:-:::::::* cpe:2.3:h:netapp:h610c:-:::::::* cpe:2.3:h:netapp:h700s:-:::::::* cpe:2.3:h:netapp:h500s:-:::::::* cpe:2.3:h:netapp:h610s:-:::::::*
First Time		Netapp h500s Netapp h300s Netapp h610c Netapp h615c Netapp h410s Netapp h610s Netapp h700s

20 Oct 2023, 21:00

Type	Values Removed	Values Added
CPE		cpe:2.3:h:netapp:fas_baseboard_management_controller_a220:-:::::::* cpe:2.3:h:netapp:baseboard_management_controller_h610s:-:::::::* cpe:2.3:h:netapp:baseboard_management_controller_h500s:-:::::::* cpe:2.3:h:netapp:fas_baseboard_management_controller_c190:-:::::::* cpe:2.3:h:netapp:baseboard_management_controller_h610c:-:::::::* cpe:2.3:h:netapp:fas_baseboard_management_controller_a800:-:::::::* cpe:2.3:h:netapp:baseboard_management_controller_h615c:-:::::::* cpe:2.3:h:netapp:baseboard_management_controller_h300s:-:::::::* cpe:2.3:h:netapp:baseboard_management_controller_h410s:-:::::::* cpe:2.3:h:netapp:fas_baseboard_management_controller_a320:-:::::::* cpe:2.3:h:netapp:fas_8300:-:::::::* cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:::::::* cpe:2.3:a:netapp:cloud_backup:-:::::::* cpe:2.3:h:netapp:baseboard_management_controller_h700s:-:::::::* cpe:2.3:h:netapp:fas_a400:-:::::::* cpe:2.3:h:netapp:fas_8700:-:::::::* cpe:2.3:a:netapp:solidfire:-:::::::*
References	~~(CONFIRM) https://security.netapp.com/advisory/ntap-20200430-0004/ -~~	(CONFIRM) https://security.netapp.com/advisory/ntap-20200430-0004/ - Third Party Advisory
References	~~(MLIST) https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html -~~	(MLIST) https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html - Mailing List, Third Party Advisory
References	~~(MLIST) https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html -~~	(MLIST) https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html - Mailing List, Third Party Advisory
First Time		Netapp baseboard Management Controller H410s Netapp solidfire Netapp fas Baseboard Management Controller A320 Netapp fas A400 Netapp fas Baseboard Management Controller C190 Netapp baseboard Management Controller H610c Netapp fas Baseboard Management Controller A800 Netapp baseboard Management Controller H700s Netapp baseboard Management Controller H610s Netapp Netapp fas 8700 Netapp baseboard Management Controller H615c Netapp fas Baseboard Management Controller A220 Netapp baseboard Management Controller H500s Netapp steelstore Cloud Integrated Storage Netapp cloud Backup Netapp baseboard Management Controller H300s Netapp fas 8300

Information

Published : 2020-04-08 14:15

Updated : 2023-11-09 13:57

NVD link : CVE-2019-20636

Mitre link : CVE-2019-20636

JSON object : View

Products Affected

netapp

h410s
h500s
h610s
solidfire
h610c
h615c
h300s
fas_baseboard_management_controller_a800
fas_8300
h700s
fas_baseboard_management_controller_a320
steelstore_cloud_integrated_storage
fas_baseboard_management_controller_c190
fas_8700
fas_baseboard_management_controller_a220
fas_a400
cloud_backup

linux

linux_kernel

CWE

CWE-787

Out-of-bounds Write

6.7 /10