Veracode Vulnerability DatabaseVERACODE:35826Integer Overflow
EPSS
Percentile
33.3%
kernel-rt is vulnerable to integer overflow. No code depends on this integer overflow so it is unlikely that the vulnerability can be used for anything apart from crashing the system. An issue was discovered in the Linux kernel 4.4 through 5.7.1. drivers/tty/vt/keyboard.c has an integer overflow if k_ascii is called several times in a row, aka CID-b86dab054059. NOTE: Members in the community argue that the integer overflow does not lead to a security issue in this case. A flaw integer overflow in the Linux kernel’s virtual terminal keyboard driver was found in the way the user sends some specific keyboard code multiple times. A local user could use this flaw to crash the system or possibly escalate their privileges on the system.
References
lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html
lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html
access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.6_release_notes/
access.redhat.com/errata/RHSA-2022:1988
access.redhat.com/security/updates/classification/#important
bugzilla.redhat.com/show_bug.cgi?id=2016169
git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=dad0bf9ce93fa40b667eccd3306783f4db4b932b
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b86dab054059b970111b5516ae548efaae5b3aae
lists.debian.org/debian-lts-announce/2020/08/msg00019.html
lkml.org/lkml/2020/3/22/482
usn.ubuntu.com/4427-1/
usn.ubuntu.com/4439-1/
usn.ubuntu.com/4440-1/
usn.ubuntu.com/4483-1/
usn.ubuntu.com/4485-1/
www.oracle.com/security-alerts/cpujul2022.html
Related
