CVE-2019-14896Heap-based Buffer Overflow in Kernel

CWE-122Heap-based Buffer OverflowCWE-787Out-of-bounds Write23 documents9 sources
Severity
9.8CRITICALNVD
EPSS
0.7%
top 27.11%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Linux KernelRED HAT KernelCanonical Ubuntu Linux+3 more
Timeline
PublishedNov 27
Latest updateMay 24

Description

A heap-based buffer overflow vulnerability was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. A remote attacker could cause a denial of service (system crash) or, possibly execute arbitrary code, when the lbs_ibss_join_existing function is called after a STA connects to an AP.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

NVDlinux/linux_kernel2.6.323.16.83+5
Debianlinux/linux_kernel< 5.4.19-1+3
CVEListV5red_hat/kernelkernel-2.6.32

Also affects: Debian Linux 8.0, Ubuntu Linux 14.04, 16.04, 18.04, 19.10, Enterprise Linux 6.0, Fedora 30, 31

🔴Vulnerability Details

11
GHSA
GHSA-93c5-v3v3-mpq3: A vulnerability was found in marvell wifi chip driver in Linux kernel2022-05-24
Kernel
fortify: Detect struct member overflows in memcpy() at compile-time2021-04-20
OSV
linux-hwe vulnerabilities2020-01-18
OSV
linux-azure vulnerabilities2020-01-07
OSV
linux, linux-aws, linux-aws-hwe, linux-azure, linux-gcp, linux-gke-4.15, linux-hwe, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities2020-01-07

📋Vendor Advisories

9
Ubuntu
Linux kernel (HWE) vulnerabilities2020-01-18
Ubuntu
Linux kernel vulnerabilities2020-01-07
Ubuntu
Linux kernel vulnerabilities2020-01-07
Ubuntu
Linux kernel vulnerabilities2020-01-07
Ubuntu
Linux kernel (Xenial HWE) vulnerabilities2020-01-07

💬Community

2
Bugzilla
CVE-2019-14896 kernel: heap-based buffer overflow in lbs_ibss_join_existing function in drivers/net/wireless/marvell/libertas/cfg.c [fedora-all]2019-11-25
Bugzilla
CVE-2019-14896 kernel: heap-based buffer overflow in lbs_ibss_join_existing function in drivers/net/wireless/marvell/libertas/cfg.c2019-11-21
CVE-2019-14896 — Heap-based Buffer Overflow in Kernel | cvebase