CVE-2019-14896

Advisory lineage Upstream: 0 Downstream: 32
Modified
Published: 27 Nov 2019, 08:05
Last modified:05 Aug 2024, 00:26

Vulnerability Summary

Overall Risk (default)
high
70/100
CVSS Score
10 HIGH
v2.0 (nvd)
EPSS Score
0.74% LOW
1% probability -0.14%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

27 Nov 2019, 08:05
Published
Vulnerability first disclosed
05 Aug 2024, 00:26
Last Modified
Vulnerability information updated

Description

A heap-based buffer overflow vulnerability was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. A remote attacker could cause a denial of service (system crash) or, possibly execute arbitrary code, when the lbs_ibss_join_existing function is called after a STA connects to an AP.

CVSS Metrics

  • v3.1CRITICALScore: 9.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • v3.0HIGHScore: 7.8CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • v2.0HIGHScore: 10AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS Trends

Current EPSS score: 0.74% Percentile: 73%

Techniques & Countermeasures

  • CWE-787Out-of-bounds Write

    The product writes data past the end, or before the beginning, of the intended buffer.

  • CWE-122Heap-based Buffer Overflow

    A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

Affected Systems

  • canonicalubuntu_linux

    14.04 | 16.04 | 18.04 | 19.10

  • debiandebian_linux

    8.0

  • fedoraprojectfedora

    30 | 31

  • linuxlinux_kernel

    ≥ 2.6.32, < 3.16.83 | ≥ 3.17, < 4.4.212 | ≥ 4.5, < 4.9.212 | ≥ 4.10, < 4.14.169 | ≥ 4.15, < 4.19.100 | ≥ 4.20, < 5.4.16

  • red hatkernel

    kernel-2.6.32

  • redhatenterprise_linux

    6.0

References (16)