CVE-2019-14895
Severity
9.8CRITICAL
EPSS
0.8%
top 25.44%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedNov 29
Latest updateMay 24
Description
A heap-based buffer overflow was discovered in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The flaw could occur when the station attempts a connection negotiation during the handling of the remote devices country settings. This could allow the remote device to cause a denial of service (system crash) or possibly execute arbitrary code.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9
Affected Packages18 packages
Also affects: Debian Linux 8.0, Ubuntu Linux 14.04, 16.04, 18.04, 19.04, 19.10, Fedora 30, 31
Patches
🔴Vulnerability Details
13GHSA▶
GHSA-vxv9-h8fr-8f88: A heap-based buffer overflow was discovered in the Linux kernel, all versions 3↗2022-05-24
📋Vendor Advisories
9💬Community
2Bugzilla▶
CVE-2019-14895 kernel: heap-based buffer overflow in mwifiex_process_country_ie() function in drivers/net/wireless/marvell/mwifiex/sta_ioctl.c [fedora-all]↗2019-11-25
Bugzilla▶
CVE-2019-14895 kernel: heap-based buffer overflow in mwifiex_process_country_ie() function in drivers/net/wireless/marvell/mwifiex/sta_ioctl.c↗2019-11-21