PT-2019-4357 · Linux+5 · Linux Kernel+5

Published: 2019-10-03 · Updated: 2024-06-15 · CVE-2019-17133

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 5.3.2

Description

The issue is related to the function cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c, which does not properly handle a long SSID IE, leading to a buffer overflow. This can be exploited by a remote attacker to execute arbitrary code or cause a denial of service. The vulnerability is due to the lack of input size validation when copying data to a buffer.

Recommendations

For Linux kernel versions prior to 5.3.2, update to a version that includes the fix for this issue to prevent potential exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
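
Added example, not kernel code and not part of the original advisory: a userspace C model of the input size validation the description says was missing, applied to an SSID information element before it is copied into a fixed buffer. The names find_ie, extract_ssid, demo_ssid and the SAMPLE_* buffers are assumptions made for illustration; the 32-byte limit is the 802.11 maximum SSID length.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define WLAN_EID_SSID 0   /* element ID of the SSID IE */
#define MAX_SSID_LEN  32  /* 802.11 SSID limit = destination buffer size */

/* Constructed sample IE blobs (id, len, payload), not captured traffic. */
const uint8_t SAMPLE_OK[]    = { 1, 2, 0x82, 0x84, 0, 5, 'h', 'o', 'm', 'e', '1' };
const uint8_t SAMPLE_LONG[2 + 200] = { WLAN_EID_SSID, 200 }; /* oversized SSID */
const uint8_t SAMPLE_TRUNC[] = { 0, 10, 'a', 'b' };  /* len byte overruns blob */
uint8_t demo_ssid[MAX_SSID_LEN];                     /* scratch destination */

/* Return the first element with the given id, or NULL if it is absent or an
 * element's length byte points past the end of the blob. */
const uint8_t *find_ie(uint8_t eid, const uint8_t *ies, size_t len)
{
    while (len >= 2) {
        size_t elen = ies[1];
        if (elen > len - 2)
            return NULL;
        if (ies[0] == eid)
            return ies;
        ies += 2 + elen;
        len -= 2 + elen;
    }
    return NULL;
}

/* Copy the SSID into dst. Returns its length, -1 if no well-formed SSID IE is
 * present, -2 if the IE is longer than dst. The unsafe pattern is the same
 * memcpy without the length test: ie[1] is attacker-controlled, up to 255. */
int extract_ssid(uint8_t dst[MAX_SSID_LEN], const uint8_t *ies, size_t len)
{
    const uint8_t *ie = find_ie(WLAN_EID_SSID, ies, len);
    if (!ie)
        return -1;
    if (ie[1] > MAX_SSID_LEN)
        return -2;
    memcpy(dst, ie + 2, ie[1]);
    return ie[1];
}

int main(void)
{
    printf("ok=%d long=%d trunc=%d\n",
           extract_ssid(demo_ssid, SAMPLE_OK, sizeof SAMPLE_OK),
           extract_ssid(demo_ssid, SAMPLE_LONG, sizeof SAMPLE_LONG),
           extract_ssid(demo_ssid, SAMPLE_TRUNC, sizeof SAMPLE_TRUNC));
    return 0;
}
```

The model rejects an oversized element outright; truncating the copy to the buffer size is the other common way to bound it.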

Buffer Overflow


Weakness Enumeration

Related Identifiers

ALT-PU-2019-3058
ALT-PU-2019-3059
ALT-PU-2019-3061
ALT-PU-2019-3065
ALT-PU-2019-3066
ALT-PU-2020-1024
ALT-PU-2020-1421
ALT-PU-2020-1450
ALT-PU-2020-1714
ALT-PU-2020-2410
ALT-PU-2020-2433
BDU:2020-00078
CESA-2020_0374
CESA-2020_0375
CESA-2020_0790
CVE-2019-17133
DLA-2068-1
DLA-2114-1
OPENSUSE-SU-2019:2392-1
OPENSUSE-SU-2019:2444-1
OPENSUSE-SU-2019_2392-1
OPENSUSE-SU-2019_2444-1
OPENSUSE-SU-2024:10728-1
OPENSUSE-SU-2024:13704-1
RHSA-2020:0174
RHSA-2020:0374
RHSA-2020:0375
RHSA-2020:0543
RHSA-2020:0592
RHSA-2020:0609
RHSA-2020:0653
RHSA-2020:0661
RHSA-2020:0664
RHSA-2020:0790
RHSA-2020_0374
RHSA-2020_0375
RHSA-2020_0790
SUSE-SU-2019:14218-1
SUSE-SU-2019:2821-1
SUSE-SU-2019:2829-1
SUSE-SU-2019:2859-1
SUSE-SU-2019:2864-1
SUSE-SU-2019:2879-1
SUSE-SU-2019:2946-1
SUSE-SU-2019:2947-1
SUSE-SU-2019:2949-1
SUSE-SU-2019:2951-1
SUSE-SU-2019:2952-1
SUSE-SU-2019:2953-1
SUSE-SU-2019:2984-1
SUSE-SU-2019:3237-1
SUSE-SU-2019:3294-1
SUSE-SU-2019:3295-1
SUSE-SU-2019_14218-1
SUSE-SU-2020:0093-1
SUSE-SU-2020:0183-1
USN-4208-1
USN-4210-1
USN-4211-1
USN-4211-2
USN-4226-1

Affected Products

Alt Linux
Centos
Linux Kernel
Red Hat
Suse
Ubuntu