CVE-2020-14331 in Ubuntu

CVE-2020-14331

Priority

Description

A flaw was found in the Linux kernel’s implementation of the invert video
code on VGA consoles when a local attacker attempts to resize the console,
calling an ioctl VT_RESIZE, which causes an out-of-bounds write to occur.
This flaw allows a local user with access to the VGA console to crash the
system, potentially escalating their privileges on the system. The highest
threat from this vulnerability is to data confidentiality and integrity as
well as system availability.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14331
https://www.openwall.com/lists/oss-security/2020/07/28/2

Notes

amurray

CONFIG_VGACON_SOFT_SCROLLBACK is required to be enabled for this to be exploitable. This config option is disabled in Ubuntu kernel configs.

Package

Source: linux (LP Ubuntu Debian)

Upstream:	released (5.9~rc1)
Ubuntu 18.04 LTS:	not-affected (config not enabled)
Ubuntu 20.04 LTS:	not-affected (config not enabled)
Ubuntu 16.04 ESM:	not-affected (config not enabled)
Ubuntu 14.04 ESM:	ignored (was not-affected [config not enabled])

Patches:

Introduced by

15bdab959c9bb909c0317480dd9b35748a8f7887

Fixed by

ebfdfeeae8c01fcb2b3b74ffaf03876e20835d2d

Package

Source: linux-aws (LP Ubuntu Debian)

Upstream:	released (5.9~rc1)
Ubuntu 18.04 LTS:	not-affected (config not enabled)
Ubuntu 20.04 LTS:	not-affected (config not enabled)
Ubuntu 16.04 ESM:	not-affected (config not enabled)
Ubuntu 14.04 ESM:	ignored (was not-affected [config not enabled])

Patches:

Package

Source: linux-aws-5.0 (LP Ubuntu Debian)

Upstream:	released (5.9~rc1)
Ubuntu 18.04 LTS:	ignored (was needs-triage now end-of-life)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-aws-5.3 (LP Ubuntu Debian)

Upstream:	released (5.9~rc1)
Ubuntu 18.04 LTS:	ignored (was not-affected [config not enabled])
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-aws-5.4 (LP Ubuntu Debian)

Upstream:	released (5.9~rc1)
Ubuntu 18.04 LTS:	not-affected (config not enabled)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-aws-hwe (LP Ubuntu Debian)

Upstream:	released (5.9~rc1)
Ubuntu 18.04 LTS:	DNE
Ubuntu 20.04 LTS:	DNE
Ubuntu 16.04 ESM:	not-affected (config not enabled)
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-azure (LP Ubuntu Debian)

Upstream:	released (5.9~rc1)
Ubuntu 18.04 LTS:	ignored (was needs-triage now end-of-life)
Ubuntu 20.04 LTS:	not-affected (config not enabled)
Ubuntu 16.04 ESM:	not-affected (config not enabled)
Ubuntu 14.04 ESM:	ignored (was not-affected [config not enabled])

Patches:

Package

Source: linux-azure-4.15 (LP Ubuntu Debian)

Upstream:	released (5.9~rc1)
Ubuntu 18.04 LTS:	not-affected (config not enabled)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-azure-5.3 (LP Ubuntu Debian)

Upstream:	released (5.9~rc1)
Ubuntu 18.04 LTS:	ignored (was not-affected [config not enabled])
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-azure-5.4 (LP Ubuntu Debian)

Upstream:	released (5.9~rc1)
Ubuntu 18.04 LTS:	not-affected (config not enabled)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-azure-edge (LP Ubuntu Debian)

Upstream:	released (5.9~rc1)
Ubuntu 18.04 LTS:	ignored (was needs-triage now end-of-life)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-gcp (LP Ubuntu Debian)

Upstream:	released (5.9~rc1)
Ubuntu 18.04 LTS:	ignored (was needs-triage now end-of-life)
Ubuntu 20.04 LTS:	not-affected (config not enabled)
Ubuntu 16.04 ESM:	not-affected (config not enabled)
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-gcp-4.15 (LP Ubuntu Debian)

Upstream:	released (5.9~rc1)
Ubuntu 18.04 LTS:	not-affected (config not enabled)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-gcp-5.3 (LP Ubuntu Debian)

Upstream:	released (5.9~rc1)
Ubuntu 18.04 LTS:	not-affected (5.3.0-1008.9~18.04.1)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-gcp-5.4 (LP Ubuntu Debian)

Upstream:	released (5.9~rc1)
Ubuntu 18.04 LTS:	not-affected (config not enabled)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-gcp-edge (LP Ubuntu Debian)

Upstream:	released (5.9~rc1)
Ubuntu 18.04 LTS:	ignored (was needs-triage now end-of-life)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-gke-4.15 (LP Ubuntu Debian)

Upstream:	released (5.9~rc1)
Ubuntu 18.04 LTS:	not-affected (config not enabled)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-gke-5.0 (LP Ubuntu Debian)

Upstream:	released (5.9~rc1)
Ubuntu 18.04 LTS:	not-affected (config not enabled)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-gke-5.3 (LP Ubuntu Debian)

Upstream:	released (5.9~rc1)
Ubuntu 18.04 LTS:	not-affected (config not enabled)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-hwe (LP Ubuntu Debian)

Upstream:	released (5.9~rc1)
Ubuntu 18.04 LTS:	not-affected (config not enabled)
Ubuntu 20.04 LTS:	DNE
Ubuntu 16.04 ESM:	not-affected (config not enabled)
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-hwe-5.4 (LP Ubuntu Debian)

Upstream:	released (5.9~rc1)
Ubuntu 18.04 LTS:	not-affected (config not enabled)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-hwe-edge (LP Ubuntu Debian)

Upstream:	released (5.9~rc1)
Ubuntu 18.04 LTS:	ignored (was needs-triage now end-of-life)
Ubuntu 20.04 LTS:	DNE
Ubuntu 16.04 ESM:	ignored (was needs-triage now end-of-life)
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-kvm (LP Ubuntu Debian)

Upstream:	released (5.9~rc1)
Ubuntu 18.04 LTS:	not-affected (config not enabled)
Ubuntu 20.04 LTS:	not-affected (config not enabled)
Ubuntu 16.04 ESM:	not-affected (config not enabled)
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-lts-trusty (LP Ubuntu Debian)

Upstream:	released (5.9~rc1)
Ubuntu 18.04 LTS:	DNE
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-lts-xenial (LP Ubuntu Debian)

Upstream:	released (5.9~rc1)
Ubuntu 18.04 LTS:	DNE
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	ignored (was not-affected [config not enabled])

Patches:

Package

Source: linux-oem (LP Ubuntu Debian)

Upstream:	released (5.9~rc1)
Ubuntu 18.04 LTS:	not-affected (config not enabled)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-oem-5.6 (LP Ubuntu Debian)

Upstream:	released (5.9~rc1)
Ubuntu 18.04 LTS:	DNE
Ubuntu 20.04 LTS:	not-affected (config not enabled)
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-oem-osp1 (LP Ubuntu Debian)

Upstream:	released (5.9~rc1)
Ubuntu 18.04 LTS:	not-affected (config not enabled)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-oracle (LP Ubuntu Debian)

Upstream:	released (5.9~rc1)
Ubuntu 18.04 LTS:	not-affected (config not enabled)
Ubuntu 20.04 LTS:	not-affected (config not enabled)
Ubuntu 16.04 ESM:	not-affected (config not enabled)
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-oracle-5.0 (LP Ubuntu Debian)

Upstream:	released (5.9~rc1)
Ubuntu 18.04 LTS:	ignored (was needs-triage now end-of-life)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-oracle-5.3 (LP Ubuntu Debian)

Upstream:	released (5.9~rc1)
Ubuntu 18.04 LTS:	not-affected (5.3.0-1011.12~18.04.1)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-oracle-5.4 (LP Ubuntu Debian)

Upstream:	released (5.9~rc1)
Ubuntu 18.04 LTS:	not-affected (config not enabled)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-raspi (LP Ubuntu Debian)

Upstream:	released (5.9~rc1)
Ubuntu 18.04 LTS:	DNE
Ubuntu 20.04 LTS:	not-affected (config not enabled)
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-raspi-5.4 (LP Ubuntu Debian)

Upstream:	released (5.9~rc1)
Ubuntu 18.04 LTS:	not-affected (config not enabled)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-raspi2 (LP Ubuntu Debian)

Upstream:	released (5.9~rc1)
Ubuntu 18.04 LTS:	not-affected (config not enabled)
Ubuntu 20.04 LTS:	ignored (was needs-triage now end-of-life)
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-raspi2-5.3 (LP Ubuntu Debian)

Upstream:	released (5.9~rc1)
Ubuntu 18.04 LTS:	not-affected (config not enabled)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-riscv (LP Ubuntu Debian)

Upstream:	released (5.9~rc1)
Ubuntu 18.04 LTS:	DNE
Ubuntu 20.04 LTS:	not-affected (config not enabled)
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: linux-snapdragon (LP Ubuntu Debian)

Upstream:	released (5.9~rc1)
Ubuntu 18.04 LTS:	not-affected (config not enabled)
Ubuntu 20.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

More Information

Updated: 2022-04-13 14:09:15 UTC (commit f411bd370d482ef4385c4e751d121a4055fbc009)