Severity: 9.8 CRITICAL
EPSS: 3.2% (top 13.09%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jun 14; Latest update May 24

Description

A flaw was found in the Linux kernel. A heap-based buffer overflow in the mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c might lead to memory corruption and possibly other consequences.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages

11 packages

NVD: linux/linux_kernel 4.24.4.186+4
Debian: linux < 4.19.37-4+3
Ubuntu: linux-hwe < 5.0.0-25.26~18.04.1
Ubuntu: linux-azure < 5.0.0-1014.14~18.04.1
CVEListV5: kernel n/a

Also affects: Debian Linux 8.0, 9.0; Ubuntu Linux 14.04, 16.04, 18.04, 19.04; Enterprise Linux 8.0, 8.2, 8.4, 7.7, 8.1, 7, 8

Patches

🔴 Vulnerability Details (7)

GHSA: GHSA-9cvm-77fp-94cr: A flaw was found in the Linux kernel (2022-05-24)
Kernel: fortify: Detect struct member overflows in memcpy() at compile-time (2021-04-20)
OSV: linux, linux-hwe, linux-azure, linux-gcp, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities (2019-08-13)
OSV: linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities (2019-08-13)
OSV: linux-lts-xenial, linux-aws vulnerabilities (2019-08-13)

📋 Vendor Advisories (8)

Ubuntu: Linux kernel (AWS) vulnerabilities (2019-09-02)
Ubuntu: Linux kernel (AWS) vulnerabilities (2019-09-02)
Ubuntu: Linux kernel (Xenial HWE) vulnerabilities (2019-08-13)
Ubuntu: Linux kernel vulnerabilities (2019-08-13)
Ubuntu: Linux kernel vulnerabilities (2019-08-13)

💬 Community (2)

Bugzilla: CVE-2019-10126 kernel: Heap Overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c [fedora-all] (2019-06-13)
Bugzilla: CVE-2019-10126 kernel: Heap overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c (2019-06-04)