CVE-2019-3846
Advisory lineage Upstream: 0 Downstream: 44
Modified
Published: 03 Jun 2019, 18:25
Last modified:04 Aug 2024, 19:19
Vulnerability Summary
Overall Risk (default)
medium
45/100 CVSS Score
8.8 HIGH
v3.1 (nvd)
EPSS Score
1.1% LOW
1% probability +0.73%
KEV
Not listed
Ransomware
No reports
Public exploits
1 found
Dark Web
Not detected
Timeline
03 Jun 2019, 18:25
Published
Vulnerability first disclosed
04 Aug 2024, 19:19
Last Modified
Vulnerability information updated
Description
A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network.
CVSS Metrics
- v3.1•HIGH•Score: 8.8CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- v3.0•HIGH•Score: 8CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- v2.0•HIGH•Score: 8.3AV:A/AC:L/Au:N/C:C/I:C/A:C
EPSS Trends
Current EPSS score: 1.10%• Percentile: 78%
Techniques & Countermeasures
- CWE-787•Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.
- CWE-122•Heap-based Buffer Overflow
A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
Affected Systems
- canonical•ubuntu_linux
14.04 | 16.04 | 18.04 | 19.04
- debian•debian_linux
8.0 | 9.0
- fedoraproject•fedora
29 | 30
- linux•linux_kernel
≥ 3.0, < 3.16.70 | ≥ 3.17, < 4.4.186 | ≥ 4.5, < 4.9.186 | ≥ 4.10, < 4.14.134 | ≥ 4.15, < 4.19.59 | ≥ 4.20, < 5.1.18
- netapp•a700s_firmware
na
- netapp•active_iq_unified_manager_for_vmware_vsphere
≥ 9.5
- netapp•cn1610_firmware
na
- netapp•h610s_firmware
na
- netapp•hci_management_node
na
- netapp•solidfire
na
- opensuse•leap
15.0 | 15.1 | 42.3
- redhat•enterprise_linux
6.0 | 7.0 | 8.0
References (28)
- https://seclists.org/oss-sec/2019/q2/133
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3846
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KLGWJKLMTBBB53D5QLS4HOY2EH246WBE/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J36BIJTKEPUOZKJNHQBUZA47RQONUKOI/
- https://www.debian.org/security/2019/dsa-4465
- https://lists.debian.org/debian-lts-announce/2019/06/msg00010.html
- https://lists.debian.org/debian-lts-announce/2019/06/msg00011.html
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00039.html
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00040.html
- https://seclists.org/bugtraq/2019/Jun/26
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00048.html
- https://security.netapp.com/advisory/ntap-20190710-0002/
- https://seclists.org/bugtraq/2019/Jul/33
- http://packetstormsecurity.com/files/153702/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
- https://usn.ubuntu.com/4093-1/
- https://usn.ubuntu.com/4094-1/
- https://usn.ubuntu.com/4095-2/
- https://usn.ubuntu.com/4095-1/
- http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.html
- https://usn.ubuntu.com/4117-1/
- https://usn.ubuntu.com/4118-1/
- https://access.redhat.com/errata/RHSA-2019:2703
- https://access.redhat.com/errata/RHSA-2019:2741
- https://access.redhat.com/errata/RHSA-2019:3076
- https://access.redhat.com/errata/RHSA-2019:3055
- https://access.redhat.com/errata/RHSA-2019:3089
- http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html
- https://access.redhat.com/errata/RHSA-2020:0174