PT-2019-1109 · Linux+5 · Linux Kernel+5

Published 2019-09-11 · Updated 2022-11-03 · CVE-2019-16746

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Linux kernel versions through 5.2.17
Description: A buffer overflow exists in the Linux kernel's net/wireless/nl80211.c: the lengths of variable elements in a beacon head are not checked. This could potentially allow a remote attacker to execute arbitrary code. Additionally, a missing bounds check during the initial processing of a beacon packet makes an out-of-bounds read possible, which could lead to local information disclosure without requiring additional execution privileges.
Recommendations: For Linux kernel versions through 5.2.17, update to a version newer than 5.2.17 to resolve the issue. As a temporary workaround, consider restricting access to the net/wireless/nl80211.c component to minimize the risk of exploitation.

Fix

Buffer Overflow

Related Identifiers

ALT-PU-2019-2900
ALT-PU-2019-2901
ALT-PU-2019-2930
ALT-PU-2019-2931
ALT-PU-2019-3061
ALT-PU-2020-1024
ALT-PU-2020-1421
ALT-PU-2020-1450
ALT-PU-2020-1714
ALT-PU-2020-2410
ALT-PU-2020-2433
ASB-A-145728612
BDU:2019-03507
CESA-2020_1016
CESA-2020_1769
CVE-2019-16746
DLA-2068-1
DLA-2114-1
OPENSUSE-SU-2020:0336-1
OPENSUSE-SU-2020:1153-1
OPENSUSE-SU-2020_0336-1
OPENSUSE-SU-2020_1153-1
RHSA-2020:1016
RHSA-2020:1070
RHSA-2020:1769
RHSA-2020_1016
RHSA-2020_1070
RHSA-2020_1769
SUSE-SU-2019:3389-1
SUSE-SU-2020:0093-1
SUSE-SU-2020:0511-1
SUSE-SU-2020:0560-1
SUSE-SU-2020:0613-1
SUSE-SU-2020:0667-1
SUSE-SU-2020:2106-1
SUSE-SU-2020:2107-1
SUSE-SU-2020:2119-1
SUSE-SU-2020:2121-1
SUSE-SU-2020:2122-1
SUSE-SU-2020:2156-1
SUSE-SU-2020:2478-1
SUSE-SU-2020:2491-1
SUSE-SU-2020:2492-1
SUSE-SU-2020:2497-1
SUSE-SU-2020:2498-1
SUSE-SU-2020:2499-1
SUSE-SU-2020:2502-1
SUSE-SU-2020:2505-1
SUSE-SU-2020:2506-1
SUSE-SU-2020:2507-1
SUSE-SU-2020:2508-1
SUSE-SU-2020:2509-1
SUSE-SU-2020:2513-1
SUSE-SU-2020:2524-1
SUSE-SU-2020:2526-1
SUSE-SU-2020:2576-1
SUSE-SU-2020:2582-1
SUSE-SU-2020_2106-1
SUSE-SU-2020_2107-1
SUSE-SU-2020_2121-1
SUSE-SU-2020_2499-1
SUSE-SU-2020_2502-1
SUSE-SU-2020_2524-1
SUSE-SU-2021:14630-1
SUSE-SU-2021_14630-1
USN-4183-1
USN-4186-1
USN-4209-1
USN-4210-1

Affected Products

Alt Linux
Centos
Linux Kernel
Red Hat
Suse
Ubuntu