Linux · Linux Kernel · CVE-2019-14895
**Name of the Vulnerable Software and Affected Versions**
Linux kernel versions 3.x.x through 4.17.x
**Description**
A heap-based buffer overflow was discovered in the Marvell WiFi chip driver of the Linux kernel. The issue occurs when handling remote devices' country settings during connection negotiation, potentially allowing a remote device to cause a denial of service or possibly execute arbitrary code. The vulnerability is related to the `mwifiex_process_country_ie()` function and can be exploited by a remote attacker to access confidential data, compromise data integrity, or cause a denial of service.
**Recommendations**
For Linux kernel versions 3.x.x through 4.17.x, update to version 4.18.0 or later to resolve the issue. As a temporary workaround, consider disabling the `mwifiex_process_country_ie()` function in the Marvell WiFi chip driver to minimize the risk of exploitation. Restrict access to the Marvell WiFi chip driver module to reduce the attack surface until a patch is applied.
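To apply these recommendations, a host can be triaged by checking whether its kernel release falls in the range stated above and whether the driver is loaded. The script below is an added example, not part of the original advisory. It assumes the driver's modules are named `mwifiex` and `mwifiex_*`, the verdict labels are made up for illustration, and the version test reflects only the range given on this page, so a distribution kernel with a backported fix still reports as in range.

```shell
#!/bin/sh
# Added example: CVE-2019-14895 exposure triage using the range stated on this page.

# 0 = release in 3.x.x..4.17.x, 1 = outside it, 2 = could not parse.
kernel_in_affected_range() {
    rel=${1%%-*}                      # 4.15.0-112-generic -> 4.15.0
    case "$rel" in *.*) ;; *) return 2 ;; esac
    major=${rel%%.*}
    minor=${rel#*.}; minor=${minor%%[!0-9]*}
    case "$major" in ''|*[!0-9]*) return 2 ;; esac
    [ -n "$minor" ] || return 2
    [ "$major" -eq 3 ] && return 0
    [ "$major" -eq 4 ] && [ "$minor" -le 17 ] && return 0
    return 1
}

# Print loaded mwifiex modules from a /proc/modules-format file.
loaded_mwifiex_modules() {
    awk '$1 == "mwifiex" || $1 ~ /^mwifiex_/ { print $1 }' \
        "${1:-/proc/modules}" 2>/dev/null
}

# $1 = kernel release, $2 = modules file; prints one verdict line.
assess_exposure() {
    mods=$(loaded_mwifiex_modules "$2" | tr '\n' ' ')
    rc=0; kernel_in_affected_range "$1" || rc=$?
    if [ "$rc" -eq 2 ]; then
        echo "UNKNOWN: cannot parse kernel release '$1'"
    elif [ "$rc" -eq 1 ]; then
        echo "OUT_OF_RANGE: kernel $1"
    elif [ -n "$mods" ]; then
        echo "EXPOSED: kernel $1 in affected range, loaded: $mods"
    else
        echo "LATENT: kernel $1 in affected range, mwifiex not loaded"
    fi
}

# Constructed sample in /proc/modules format (not captured from a real host).
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
mwifiex_pcie 45056 0 - Live 0x0000000000000000
mwifiex 327680 1 mwifiex_pcie, Live 0x0000000000000000
cfg80211 704512 1 mwifiex, Live 0x0000000000000000
EOF
assess_exposure "4.15.0-112-generic" "$sample"
assess_exposure "$(uname -r)" /proc/modules   # the live host
```

On hosts reported as LATENT that do not need the hardware, a modprobe.d entry such as `install mwifiex /bin/false` keeps the module from being loaded until the kernel is updated.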