PT-2019-5509 · Linux+5 · Linux Kernel+5

Huangwen

·

Published

2019-08-28

·

Updated

2023-07-12

·

CVE-2019-14816

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.3
Description The issue is related to a heap-based buffer overflow in the Marvell Wi-Fi chip driver of the Linux kernel. This allows local users to cause a denial of service, resulting in a system crash, or possibly execute arbitrary code. The vulnerability is associated with errors in the mwifiex update vs ie() function, which can be exploited to achieve these outcomes.
Recommendations For Linux kernel versions prior to 5.3, consider disabling the Marvell Wi-Fi chip driver as a temporary workaround until a patch is available. Restrict access to the vulnerable mwifiex update vs ie() function to minimize the risk of exploitation. Update to version 5.3 or later to resolve the issue.

Exploit

Fix

DoS

Buffer Overflow

Memory Corruption

Heap Based Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-120CWE-787CWE-122

Related Identifiers

ALT-PU-2019-2762
ALT-PU-2019-2763
ALT-PU-2019-2764
ALT-PU-2019-2768
ALT-PU-2019-2838
ALT-PU-2019-2842
ALT-PU-2019-2890
ALT-PU-2019-2891
ALT-PU-2020-1025
ALT-PU-2020-1070
ALT-PU-2020-1198
ALT-PU-2020-1501
ALT-PU-2020-1714
ALT-PU-2020-2410
ALT-PU-2020-2433
ALT-PU-2021-1870
BDU:2020-03327
CESA-2020_0328
CESA-2020_0339
CESA-2020_0374
CESA-2020_0375
CVE-2019-14816
DLA-1930-1
DLA-2114-1
ELSA-2020-0339
ELSA-2020-0374
ELSA-2020-5670
ELSA-2020-5676
MGASA-2019-0287
MGASA-2019-0288
MGASA-2019-0333
OPENSUSE-SU-2019:2173-1
OPENSUSE-SU-2019:2181-1
OPENSUSE-SU-2019_2173-1
OPENSUSE-SU-2019_2181-1
RHSA-2020:0174
RHSA-2020:0204
RHSA-2020:0328
RHSA-2020:0339
RHSA-2020:0374
RHSA-2020:0375
RHSA-2020:0653
RHSA-2020:0661
RHSA-2020:0664
RHSA-2020:1266
RHSA-2020:1347
RHSA-2020:1353
RHSA-2020_0328
RHSA-2020_0339
RHSA-2020_0374
RHSA-2020_0375
SUSE-SU-2019:2412-1
SUSE-SU-2019:2414-1
SUSE-SU-2019:2424-1
SUSE-SU-2019:2648-1
SUSE-SU-2019:2651-1
SUSE-SU-2019:2658-1
SUSE-SU-2019:2738-1
SUSE-SU-2019:2756-1
SUSE-SU-2019:2949-1
SUSE-SU-2019:2950-1
SUSE-SU-2019:2984-1
SUSE-SU-2020:2491-1
USN-4157-1
USN-4157-2
USN-4162-1
USN-4162-2
USN-4163-1
USN-4163-2

Affected Products

Alt Linux
Centos
Linux Kernel
Red Hat
Suse
Ubuntu