PT-2019-4192 · Linux+5 · Linux Kernel+5
Dhananjay Arunesh
+2
·
Published
2019-11-22
·
Updated
2023-02-12
·
CVE-2019-14901
CVSS v2.0
10
Critical
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Linux kernel versions 3.x.x and 4.x.x before 4.18.0
Description
The issue is related to a heap overflow flaw in the Marvell WiFi chip driver of the Linux kernel. This flaw allows a remote attacker to cause a system crash, resulting in a denial of service, or execute arbitrary code with root permissions, affecting the confidentiality and integrity of files on the system.
Recommendations
For Linux kernel versions 3.x.x and 4.x.x before 4.18.0, update to version 4.18.0 or later to resolve the issue.
As a temporary workaround, consider restricting access to the Marvell WiFi chip driver to minimize the risk of exploitation.
Exploit
Fix
DoS
Resource Exhaustion
Memory Corruption
Heap Based Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Alt Linux
Centos
Linux Kernel
Red Hat
Suse
Ubuntu