CVE-2020-14331

Public Exploit

Description

A flaw was found in the Linux kernel’s implementation of the invert video code on VGA consoles when a local attacker attempts to resize the console, calling an ioctl VT_RESIZE, which causes an out-of-bounds write to occur. This flaw allows a local user with access to the VGA console to crash the system, potentially escalating their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

References

Link	Tags
https://www.openwall.com/lists/oss-security/2020/07/28/2	mailing list third party advisory exploit
https://lists.openwall.net/linux-kernel/2020/07/29/234	patch mailing list third party advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1858679	third party advisory issue tracking
https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html	third party advisory mailing list
https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html	third party advisory mailing list
https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html	third party advisory mailing list

Frequently Asked Questions

What is the severity of CVE-2020-14331?: CVE-2020-14331 has been scored as a medium severity vulnerability.
How to fix CVE-2020-14331?: To fix CVE-2020-14331, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2020-14331 being actively exploited in the wild?: It is possible that CVE-2020-14331 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2020-14331?: CVE-2020-14331 affects n/a Linux Kernel.

Description

Category

CWE-787 – Out-of-bounds Write

References

Frequently Asked Questions