Login Sign Up

CVE-2020-13974

7.8 HIGH
Denial of Service

📋 TL;DR

This CVE describes an integer overflow vulnerability in the Linux kernel's keyboard driver (drivers/tty/vt/keyboard.c) that could potentially lead to privilege escalation or denial of service. The vulnerability affects Linux kernel versions 4.4 through 5.7.1, though community members argue it may not be exploitable for security impact. Systems using affected kernel versions with virtual terminal functionality are potentially vulnerable.

💻 Affected Systems

Products:
  • Linux kernel
Versions: 4.4 through 5.7.1
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Requires virtual terminal (VT) functionality enabled. Some community members argue the integer overflow may not lead to exploitable security issues.

📦 What is this software?

Debian Linux by Debian

View all CVEs affecting Debian Linux →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Ubuntu Linux by Canonical

View all CVEs affecting Ubuntu Linux →

Ubuntu Linux by Canonical

View all CVEs affecting Ubuntu Linux →

Ubuntu Linux by Canonical

View all CVEs affecting Ubuntu Linux →

Ubuntu Linux by Canonical

View all CVEs affecting Ubuntu Linux →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Local privilege escalation to root, kernel panic causing system crash, or arbitrary code execution in kernel context

🟠

Likely Case

Kernel panic leading to denial of service (system crash) requiring reboot

🟢

If Mitigated

No impact if kernel is patched or workarounds applied

🌐 Internet-Facing: LOW - Requires local access to trigger the vulnerability
🏢 Internal Only: MEDIUM - Local users could potentially crash systems or escalate privileges

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: HIGH

Requires local access and specific conditions to trigger the integer overflow multiple times in sequence

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Linux kernel 5.7.2 and later, backported to stable branches

Vendor Advisory: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b86dab054059b970111b5516ae548efaae5b3aae

Restart Required: Yes

Instructions:

1. Update kernel to version 5.7.2 or later. 2. For older stable branches, apply the backported patch from your distribution vendor. 3. Reboot the system to load the new kernel.

🔧 Temporary Workarounds

Disable virtual terminal access

linux

Restrict access to virtual terminals to prevent triggering the vulnerable code path

chmod 600 /dev/tty*
set restrictive permissions on virtual terminal devices

Use kernel module blacklisting

linux

Prevent loading of vulnerable keyboard modules if not needed

echo 'blacklist keyboard' >> /etc/modprobe.d/blacklist.conf

🧯 If You Can't Patch

  • Restrict local user access to systems with vulnerable kernels
  • Implement strict access controls and monitoring for virtual terminal usage

🔍 How to Verify

Check if Vulnerable:

Check kernel version: uname -r and compare to affected range 4.4-5.7.1

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version is 5.7.2 or later, or check for applied patches in distribution security updates

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages in /var/log/kern.log or dmesg
  • Multiple rapid keyboard input events from single user

Network Indicators:

  • None - local vulnerability only

SIEM Query:

source="kern.log" AND "kernel panic" OR "Oops" AND process="keyboard"

📊 Metadata

CVE ID: CVE-2020-13974
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-190
Published: June 9, 2020
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2020-13974, you might also want to check these:

CVE-2025-64721 10.0

This vulnerability in Sandboxie allows sandboxed processes to exploit an integer overflow in the Sbi...

Same vulnerability type (CWE-190)
CVE-2019-9930 9.8

CVE-2019-9930 is an integer overflow vulnerability affecting various Lexmark printers and multifunct...

Same vulnerability type (CWE-190)
CVE-2025-52581 9.8

An integer overflow vulnerability in libbiosig's GDF file parsing allows arbitrary code execution wh...

Same vulnerability type (CWE-190)