{"api_version":"1","generated_at":"2026-04-22T23:51:55+00:00","cve":"CVE-2020-14331","urls":{"html":"https://cve.report/CVE-2020-14331","api":"https://cve.report/api/cve/CVE-2020-14331.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2020-14331","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2020-14331"},"summary":{"title":"CVE-2020-14331","description":"A flaw was found in the Linux kernel’s implementation of the invert video code on VGA consoles when a local attacker attempts to resize the console, calling an ioctl VT_RESIZE, which causes an out-of-bounds write to occur. This flaw allows a local user with access to the VGA console to crash the system, potentially escalating their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2020-09-15 19:15:00","updated_at":"2023-02-12 23:40:00"},"problem_types":["CWE-787"],"metrics":[],"references":[{"url":"https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html","name":"[debian-lts-announce] 20201031 [SECURITY] [DLA 2420-2] linux regression update","refsource":"MLIST","tags":["Mailing List","Third Party Advisory"],"title":"[SECURITY] [DLA 2420-2] linux regression update","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://access.redhat.com/errata/RHSA-2020:5023","name":"https://access.redhat.com/errata/RHSA-2020:5023","refsource":"MISC","tags":[],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://access.redhat.com/errata/RHSA-2020:4286","name":"https://access.redhat.com/errata/RHSA-2020:4286","refsource":"MISC","tags":[],"title":"Red Hat Customer Portal - Access to 24x7 support and knowledge","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1858679","name":"https://bugzilla.redhat.com/show_bug.cgi?id=1858679","refsource":"MISC","tags":["Issue Tracking","Third Party Advisory"],"title":"1858679 – (CVE-2020-14331) CVE-2020-14331 kernel: kernel: buffer over write in vgacon_scroll","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://access.redhat.com/errata/RHSA-2020:5026","name":"https://access.redhat.com/errata/RHSA-2020:5026","refsource":"MISC","tags":[],"title":"Red Hat Customer Portal - Access to 24x7 support and knowledge","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://access.redhat.com/security/cve/CVE-2020-14331","name":"https://access.redhat.com/security/cve/CVE-2020-14331","refsource":"MISC","tags":[],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html","name":"[debian-lts-announce] 20200928 [SECURITY] [DLA 2385-1] linux-4.19 security update","refsource":"MLIST","tags":["Mailing List","Third Party Advisory"],"title":"[SECURITY] [DLA 2385-1] linux-4.19 security update","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://access.redhat.com/errata/RHSA-2020:4289","name":"https://access.redhat.com/errata/RHSA-2020:4289","refsource":"MISC","tags":[],"title":"Red Hat Customer Portal - Access to 24x7 support and knowledge","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.openwall.net/linux-kernel/2020/07/29/234","name":"https://lists.openwall.net/linux-kernel/2020/07/29/234","refsource":"MISC","tags":["Mailing List","Patch","Third Party Advisory"],"title":"linux-kernel - [PATCH] vgacon: fix out of bounds write to the scrollback buffer","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.openwall.com/lists/oss-security/2020/07/28/2","name":"https://www.openwall.com/lists/oss-security/2020/07/28/2","refsource":"MISC","tags":["Exploit","Mailing List","Third Party Advisory"],"title":"oss-security - [CVE-2020-14331] Linux Kernel: buffer over write in\n vgacon_scrollback_update","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html","name":"[debian-lts-announce] 20201030 [SECURITY] [DLA 2420-1] linux security update","refsource":"MLIST","tags":["Mailing List","Third Party Advisory"],"title":"[SECURITY] [DLA 2420-1] linux security update","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2020-14331","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-14331","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2020","cve_id":"14331","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"linux","cpe5":"linux_kernel","cpe6":"5.8.0","cpe7":"rc1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"14331","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"linux","cpe5":"linux_kernel","cpe6":"5.8.0","cpe7":"rc2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"14331","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"linux","cpe5":"linux_kernel","cpe6":"5.8.0","cpe7":"rc3","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"14331","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"linux","cpe5":"linux_kernel","cpe6":"5.8.0","cpe7":"rc4","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"14331","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"linux","cpe5":"linux_kernel","cpe6":"5.8.0","cpe7":"rc5","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"14331","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"linux","cpe5":"linux_kernel","cpe6":"5.8.0","cpe7":"rc6","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"14331","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"linux","cpe5":"linux_kernel","cpe6":"5.8.0","cpe7":"rc1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"14331","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"linux","cpe5":"linux_kernel","cpe6":"5.8.0","cpe7":"rc2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"14331","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"linux","cpe5":"linux_kernel","cpe6":"5.8.0","cpe7":"rc3","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"14331","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"linux","cpe5":"linux_kernel","cpe6":"5.8.0","cpe7":"rc4","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"14331","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"linux","cpe5":"linux_kernel","cpe6":"5.8.0","cpe7":"rc5","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"14331","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"linux","cpe5":"linux_kernel","cpe6":"5.8.0","cpe7":"rc6","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"14331","vulnerable":"1","versionEndIncluding":"5.7.19","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"linux","cpe5":"linux_kernel","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"14331","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"7.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"14331","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"14331","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"7.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"14331","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2020-14331","qid":"174728","title":"SUSE Enterprise Linux Security update for the Linux Kernel (SUSE-SU-2020:2122-1)"},{"cve":"CVE-2020-14331","qid":"353100","title":"Amazon Linux Security Advisory for kernel : ALAC2012-2021-024"},{"cve":"CVE-2020-14331","qid":"353101","title":"Amazon Linux Security Advisory for kmod-mlx5 : ALAC2012-2021-025"},{"cve":"CVE-2020-14331","qid":"353102","title":"Amazon Linux Security Advisory for kmod-sfc : ALAC2012-2021-026"},{"cve":"CVE-2020-14331","qid":"378473","title":"Alibaba Cloud Linux Security Update for cloud-kernel (ALINUX2-SA-2023:0021)"},{"cve":"CVE-2020-14331","qid":"750376","title":"OpenSUSE Security Update for RT kernel (openSUSE-SU-2021:0242-1)"},{"cve":"CVE-2020-14331","qid":"900076","title":"CBL-Mariner Linux Security Update for kernel 5.4.91"},{"cve":"CVE-2020-14331","qid":"903374","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (3473)"},{"cve":"CVE-2020-14331","qid":"906198","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (3473-1)"}]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2020-14331","ASSIGNER":"secalert@redhat.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"A flaw was found in the Linux kernel’s implementation of the invert video code on VGA consoles when a local attacker attempts to resize the console, calling an ioctl VT_RESIZE, which causes an out-of-bounds write to occur. This flaw allows a local user with access to the VGA console to crash the system, potentially escalating their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-787","cweId":"CWE-787"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"Linux Kernel","version":{"version_data":[{"version_affected":"=","version_value":"All versions of the Linux kernel"}]}}]}}]}},"references":{"reference_data":[{"url":"https://www.openwall.com/lists/oss-security/2020/07/28/2","refsource":"MISC","name":"https://www.openwall.com/lists/oss-security/2020/07/28/2"},{"url":"https://lists.openwall.net/linux-kernel/2020/07/29/234","refsource":"MISC","name":"https://lists.openwall.net/linux-kernel/2020/07/29/234"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1858679","refsource":"MISC","name":"https://bugzilla.redhat.com/show_bug.cgi?id=1858679"},{"url":"https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html","refsource":"MISC","name":"https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html"},{"url":"https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html","refsource":"MISC","name":"https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html"},{"url":"https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html","refsource":"MISC","name":"https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html"}]}},"nvd":{"publishedDate":"2020-09-15 19:15:00","lastModifiedDate":"2023-02-12 23:40:00","problem_types":["CWE-787"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"PHYSICAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":6.6,"baseSeverity":"MEDIUM"},"exploitabilityScore":0.7,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE","baseScore":7.2},"severity":"HIGH","exploitabilityScore":3.9,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndIncluding":"5.7.19","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:linux:linux_kernel:5.8.0:rc1:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:linux:linux_kernel:5.8.0:rc2:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:linux:linux_kernel:5.8.0:rc3:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:linux:linux_kernel:5.8.0:rc4:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:linux:linux_kernel:5.8.0:rc5:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:linux:linux_kernel:5.8.0:rc6:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2020","CveId":"14331","Ordinal":"175561","Title":"CVE-2020-14331","CVE":"CVE-2020-14331","Year":"2020"},"notes":[{"CveYear":"2020","CveId":"14331","Ordinal":"1","NoteData":"A flaw was found in the Linux kernel’s implementation of the invert video code on VGA consoles when a local attacker attempts to resize the console, calling an ioctl VT_RESIZE, which causes an out-of-bounds write to occur. This flaw allows a local user with access to the VGA console to crash the system, potentially escalating their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.","Type":"Description","Title":null},{"CveYear":"2020","CveId":"14331","Ordinal":"2","NoteData":"2020-09-15","Type":"Other","Title":"Published"},{"CveYear":"2020","CveId":"14331","Ordinal":"3","NoteData":"2020-10-31","Type":"Other","Title":"Modified"}]}}}