PT-2019-4201 · Linux+4 · Linux Kernel+4

Dhananjay Arunesh · Published 2019-11-25 · Updated 2024-06-15 · CVE-2019-14896

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Linux kernel version kernel-2.6.32

Description

A heap-based buffer overflow vulnerability was found in the Linux kernel's Marvell WiFi chip driver. This issue is related to the `lbs_ibss_join_existing` function and the `add_ie_rates` function in the drivers/net/wireless/marvell/libertas/cfg.c file. A remote attacker could cause a denial of service (system crash) or possibly execute arbitrary code when the `lbs_ibss_join_existing` function is called after a STA connects to an AP. The vulnerability also allows an attacker to access confidential data, compromise its integrity, and cause a denial of service.

Recommendations

For Linux kernel version kernel-2.6.32, consider disabling the `lbs_ibss_join_existing` function and restricting access to the `add_ie_rates` function in the drivers/net/wireless/marvell/libertas/cfg.c file as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Memory Corruption

Heap Based Buffer Overflow

Weakness Enumeration

Related Identifiers

ALT-PU-2020-1122
ALT-PU-2020-1131
ALT-PU-2020-1140
ALT-PU-2020-1147
ALT-PU-2020-1161
ALT-PU-2020-1189
ALT-PU-2020-1198
ALT-PU-2020-1421
ALT-PU-2020-1450
ALT-PU-2020-1501
ALT-PU-2020-1524
ALT-PU-2020-1714
ALT-PU-2020-1945
ALT-PU-2020-2410
ALT-PU-2020-2433
ALT-PU-2020-3057
ALT-PU-2021-1745
BDU:2019-04798
CVE-2019-14896
DLA-2068-1
DLA-2114-1
MGASA-2020-0073
MGASA-2020-0089
OPENSUSE-SU-2020:0336-1
OPENSUSE-SU-2020_0336-1
OPENSUSE-SU-2024:10728-1
OPENSUSE-SU-2024:13704-1
RHSA-2020:3548
RHSA-2020_3548
SUSE-SU-2020:0183-1
SUSE-SU-2020:0204-1
SUSE-SU-2020:0511-1
SUSE-SU-2020:0558-1
SUSE-SU-2020:0559-1
SUSE-SU-2020:0560-1
SUSE-SU-2020:0580-1
SUSE-SU-2020:0584-1
SUSE-SU-2020:0599-1
SUSE-SU-2020:0605-1
SUSE-SU-2020:0613-1
SUSE-SU-2020:1255-1
SUSE-SU-2020:1275-1
SUSE-SU-2020:14354-1
SUSE-SU-2020:1663-1
SUSE-SU-2020_0204-1
SUSE-SU-2020_1663-1
USN-4225-1
USN-4225-2
USN-4226-1
USN-4227-1
USN-4227-2
USN-4228-1
USN-4228-2

Affected Products

Alt Linux
Linux Kernel
Red Hat
Suse
Ubuntu