A flaw was found in the Linux kernel’s implementation of the invert video code on VGA consoles when a local attacker attempts to resize the console calling an ioctl VT_RESIZE which causes an out-of-bounds write to occur. This flaw allows a local user with access to the VGA console to crash the system potentially escalating their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

🗓️ 25 Sep 2020 07:00:00Reported by MicrosoftType

mscve

mscve🔗 msrc.microsoft.com👁 1 Views

Local user can crash Linux by resizing the console via invert video on video graphics array.

Reporter	Title	Published	Views	Family All 392
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Linux Kernel and Java affect IBM Spectrum Protect Plus	3 Mar 202121:46	–	ibm
IBM Security Bulletins	Security Bulletin: IBM QRadar Network Security is affected by multiple vulnerabilities.	22 Nov 202206:42	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Data Risk Manager is affected by multiple vulnerabilities	2 Feb 202105:06	–	ibm
Tenable Nessus	Amazon Linux 2 : kernel (ALAS-2020-1495)	1 Oct 202000:00	–	nessus
Tenable Nessus	Amazon Linux AMI : kernel (ALAS-2020-1437)	28 Oct 202000:00	–	nessus
Tenable Nessus	CentOS 8 : kernel (CESA-2020:4286)	1 Feb 202100:00	–	nessus
Tenable Nessus	CentOS 7 : kernel (RHSA-2020:5023)	18 Nov 202000:00	–	nessus
Tenable Nessus	CentOS 7 : kernel-rt (RHSA-2020:5026)	9 Oct 202400:00	–	nessus
Tenable Nessus	Debian DLA-2385-1 : linux-4.19 security update	29 Sep 202000:00	–	nessus
Tenable Nessus	Debian DLA-2420-2 : linux regression update	2 Nov 202000:00	–	nessus

Vulners

Node

microsoft cm1_kernel_5.4.91-3Range<5.4.91-3

25 Sep 2020 07:00Current

8.2High risk

Vulners AI Score8.2

CVSS 3.16.6

CVSS 27.2

EPSS0.00032

Linux kernel invert video video graphics array console resizing out of bounds local attacker privilege escalation