7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.001 Low
EPSS
Percentile
31.7%
kernel-rt is vulnerable to integer overflow. No code depends on this integer overflow so it is unlikely that the vulnerability can be used for anything apart from crashing the system. An issue was discovered in the Linux kernel 4.4 through 5.7.1. drivers/tty/vt/keyboard.c has an integer overflow if k_ascii is called several times in a row, aka CID-b86dab054059. NOTE: Members in the community argue that the integer overflow does not lead to a security issue in this case. A flaw integer overflow in the Linux kernel’s virtual terminal keyboard driver was found in the way the user sends some specific keyboard code multiple times. A local user could use this flaw to crash the system or possibly escalate their privileges on the system.
lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html
lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html
access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.6_release_notes/
access.redhat.com/errata/RHSA-2022:1988
access.redhat.com/security/updates/classification/#important
bugzilla.redhat.com/show_bug.cgi?id=2016169
git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=dad0bf9ce93fa40b667eccd3306783f4db4b932b
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b86dab054059b970111b5516ae548efaae5b3aae
lists.debian.org/debian-lts-announce/2020/08/msg00019.html
lkml.org/lkml/2020/3/22/482
usn.ubuntu.com/4427-1/
usn.ubuntu.com/4439-1/
usn.ubuntu.com/4440-1/
usn.ubuntu.com/4483-1/
usn.ubuntu.com/4485-1/
www.oracle.com/security-alerts/cpujul2022.html
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.001 Low
EPSS
Percentile
31.7%