CVE-2019-14897

Advisory lineage Upstream: 0 Downstream: 29

Downstream

DEBIAN-CVE-2019-14897 DLA-2068-1 DLA-2114-1 MGASA-2020-0073 MGASA-2020-0089 OPENSUSE-SU-2020:0336-1

Modified

Published: 29 Nov 2019, 14:00

Last modified:05 Aug 2024, 00:26

Vulnerability Summary

Overall Risk (default)

high

70/100

CVSS Score

9.8 CRITICAL

v3.1 (nvd)

EPSS Score

0.29% LOW

0% probability -0.05%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

29 Nov 2019, 14:00

Published

Vulnerability first disclosed

05 Aug 2024, 00:26

Last Modified

Vulnerability information updated

Description

A stack-based buffer overflow was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. An attacker is able to cause a denial of service (system crash) or, possibly execute arbitrary code, when a STA works in IBSS mode (allows connecting stations together without the use of an AP) and connects to another STA.

CVSS Metrics

v3.1•CRITICAL•Score: 9.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
v3.0•MEDIUM•Score: 6.6CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
v2.0•HIGH•Score: 7.5AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS Trends

Current EPSS score: 0.29%• Percentile: 53%

Techniques & Countermeasures

CWE-787•Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.
CWE-121•Stack-based Buffer Overflow
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

Affected Systems

canonical•ubuntu_linux
14.04 | 16.04 | 18.04 | 19.10
debian•debian_linux
8.0
linux•linux_kernel
≥ 2.6.32, < 3.16.83 | ≥ 3.17, < 4.4.212 | ≥ 4.5, < 4.9.212 | ≥ 4.10, < 4.14.169 | ≥ 4.15, < 4.19.100 | ≥ 4.20, < 5.4.16
red hat•kernel
version kernel-2.6.32