CVE-2019-14897

CWE-121 — Stack-based Buffer Overflow CWE-787 — Out-of-bounds Write22 documents9 sources

Severity

9.8CRITICAL

EPSS

0.3%

top 42.60%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel RED HAT Kernel Canonical Ubuntu Linux +1 more

Timeline

PublishedNov 29

Latest updateMay 24

Description

A stack-based buffer overflow was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. An attacker is able to cause a denial of service (system crash) or, possibly execute arbitrary code, when a STA works in IBSS mode (allows connecting stations together without the use of an AP) and connects to another STA.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

▶NVDlinux/linux_kernel2.6.32 — 3.16.83+5

▶CVEListV5red_hat/kernelversion kernel-2.6.32

▶Debianlinux< 5.4.19-1+3

Also affects: Debian Linux 8.0, Ubuntu Linux 14.04, 16.04, 18.04, 19.10

Patches

Patch: bugzilla.redhat.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-4r86-rrx3-8x44: A stack-based buffer overflow was found in the Linux kernel, version kernel-2↗2022-05-24

▶

Kernel

fortify: Detect struct member overflows in memcpy() at compile-time↗2021-04-20

▶

OSV

linux-hwe vulnerabilities↗2020-01-18

▶

OSV

linux-azure vulnerabilities↗2020-01-07

▶

OSV

linux, linux-aws, linux-aws-hwe, linux-azure, linux-gcp, linux-gke-4.15, linux-hwe, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities↗2020-01-07

▶

📋Vendor Advisories

Ubuntu

Linux kernel (HWE) vulnerabilities↗2020-01-18

▶

Ubuntu

Linux kernel vulnerabilities↗2020-01-07

▶

Ubuntu

Linux kernel vulnerabilities↗2020-01-07

▶

Ubuntu

Linux kernel vulnerabilities↗2020-01-07

▶

Ubuntu

Linux kernel (Xenial HWE) vulnerabilities↗2020-01-07

▶

💬Community

Bugzilla

CVE-2019-14897 kernel: stack-based buffer overflow in add_ie_rates function in drivers/net/wireless/marvell/libertas/cfg.c [fedora-all]↗2019-11-25

▶

Bugzilla

CVE-2019-14897 kernel: stack-based buffer overflow in add_ie_rates function in drivers/net/wireless/marvell/libertas/cfg.c↗2019-11-21

▶