PT-2019-4202 · Linux+5 · Linux Kernel+5

Huawen +1 · Published 2019-11-25 · Updated 2023-02-12 · CVE-2019-14895

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Linux kernel versions 3.x.x through 4.17.x

Description

A heap-based buffer overflow was discovered in the Marvell WiFi chip driver of the Linux kernel. The issue occurs when handling remote devices' country settings during connection negotiation, potentially allowing a remote device to cause a denial of service or possibly execute arbitrary code. The vulnerability is related to the mwifiex_process_country_ie() function and can be exploited by a remote attacker to access confidential data, compromise data integrity, or cause a denial of service.

Recommendations

For Linux kernel versions 3.x.x through 4.17.x, update to version 4.18.0 or later to resolve the issue. As a temporary workaround, consider disabling the mwifiex_process_country_ie() function in the Marvell WiFi chip driver to minimize the risk of exploitation. Restrict access to the Marvell WiFi chip driver module to reduce the attack surface until a patch is applied.

Exploit · Fix · DoS · Memory Corruption · Heap Based Buffer Overflow

Related Identifiers

ALT-PU-2020-1044
ALT-PU-2020-1045
ALT-PU-2020-1046
ALT-PU-2020-1047
ALT-PU-2020-1048
ALT-PU-2020-1067
ALT-PU-2020-1070
ALT-PU-2020-1078
ALT-PU-2020-1189
ALT-PU-2020-1421
ALT-PU-2020-1450
ALT-PU-2020-1714
ALT-PU-2020-2410
ALT-PU-2020-2433
ALT-PU-2021-1745
BDU:2019-04799
CESA-2020_0328
CESA-2020_0339
CESA-2020_0374
CESA-2020_0375
CVE-2019-14895
DLA-2068-1
DLA-2114-1
MGASA-2020-0041
MGASA-2020-0089
OPENSUSE-SU-2019:2675-1
OPENSUSE-SU-2019_2675-1
RHSA-2020:0328
RHSA-2020:0339
RHSA-2020:0374
RHSA-2020:0375
RHSA-2020:0543
RHSA-2020:0592
RHSA-2020:0609
RHSA-2020:0653
RHSA-2020:0661
RHSA-2020:0664
RHSA-2020:0831
RHSA-2020:1493
RHSA-2020_0328
RHSA-2020_0339
RHSA-2020_0374
RHSA-2020_0375
SUSE-SU-2019:3200-1
SUSE-SU-2019:3289-1
SUSE-SU-2019:3316-1
SUSE-SU-2019:3317-1
SUSE-SU-2019:3371-1
SUSE-SU-2019:3372-1
SUSE-SU-2019:3379-1
SUSE-SU-2019:3381-1
SUSE-SU-2020:0093-1
SUSE-SU-2020:0599-1
SUSE-SU-2020:0613-1
SUSE-SU-2020:0667-1
SUSE-SU-2020:1255-1
SUSE-SU-2020:2491-1
SUSE-SU-2020:2492-1
SUSE-SU-2020:2497-1
SUSE-SU-2020:2498-1
SUSE-SU-2020:2505-1
SUSE-SU-2020:2506-1
SUSE-SU-2020:2513-1
SUSE-SU-2020:2526-1
USN-4225-1
USN-4225-2
USN-4226-1
USN-4227-1
USN-4227-2
USN-4228-1
USN-4228-2

Affected Products

ALT Linux
CentOS
Linux Kernel
Red Hat
SUSE
Ubuntu