CVE-2019-14901
Published 2019-11-29
Priority P2 | 65 | critical | 9.8 CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 16.91% (96.7th percentile)
A heap overflow flaw was found in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The vulnerability allows a remote attacker to cause a system crash, resulting in a denial of service, or execute arbitrary code. The highest threat with this vulnerability is with the availability of the system. If code execution occurs, the code will run with the permissions of root. This will affect both confidentiality and integrity of files on the system.
Affected
21 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | linux | < linux 5.4.13-1 (bookworm) | linux 5.4.13-1 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| linux | linux_kernel | >= 0 < 5.4.13-1 | 5.4.13-1 |
| linux | linux_kernel | >= 0 < 5.4.13-1 | 5.4.13-1 |
| linux | linux_kernel | >= 0 < 5.4.13-1 | 5.4.13-1 |
| linux | linux_kernel | >= 0 < 5.4.13-1 | 5.4.13-1 |
| linux | linux_kernel | >= 0 < 4.4.0-171.200 | 4.4.0-171.200 |
| linux | linux_kernel | >= 0 < 4.15.0-74.84 | 4.15.0-74.84 |
| linux | linux_kernel | >= 3.15 < 3.16.83 | 3.16.83 |
| linux | linux_kernel | >= 3.17 < 4.4.217 | 4.4.217 |
| linux | linux_kernel | >= 4.10 < 4.14.164 | 4.14.164 |
| linux | linux_kernel | >= 4.15 < 4.19.95 | 4.19.95 |
| linux | linux_kernel | >= 4.20 < 5.4.11 | 5.4.11 |
| linux | linux_kernel | >= 4.5 < 4.9.217 | 4.9.217 |
| red_hat | kernel | — | — |
Detection & IOCs
- Vulnerable function is mwifiex_process_tdls_action_frame() in drivers/net/wireless/marvell/mwifiex/tdls.c; monitor for heap overflow triggered by malformed TDLS frames
- Trigger condition: a TDLS Setup Request or Response frame containing an EID_SUPP_RATES IE with length greater than 32 bytes causes the heap overflow; inspect 802.11 TDLS frames for oversized Supported Rates IEs
- Affected kernel path for source-level or binary analysis: marvell/mwifiex/tdls.c
- Vulnerability affects Linux kernel versions 3.x.x and all 4.x.x before 4.18.0; systems running kernels in this range with the Marvell WiFi (mwifiex) driver loaded are at risk
- Exploitation is remote and unauthenticated: no local access required; attacker only needs to be able to send TDLS frames to the victim station
- Successful code execution runs with root privileges, impacting confidentiality and integrity in addition to availability
- Red Hat Enterprise Linux 5 and 6 are listed as Not Affected; Red Hat Enterprise MRG 2 (kernel-rt) is Affected
- Upstream patch available at patchwork.kernel.org; Debian resolved in kernel 5.4.13-1
CVSS provenance
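| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v3.0 | 8.8 | HIGH | CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| osv | — | 9.8 | CRITICAL | — |
| vendor_debian | — | 9.8 | CRITICAL | — |
| vendor_redhat | — | 9.8 | CRITICAL | — |
| vendor_ubuntu | — | 9.8 | CRITICAL | — |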
GHSA
GHSA-6mpr-24px-gq7m: A heap overflow flaw was found in the Linux kernel, all versions 3
ghsa_unreviewed·2022-05-24
CVE-2019-14901 [HIGH] CWE-400 GHSA-6mpr-24px-gq7m: A heap overflow flaw was found in the Linux kernel, all versions 3
A heap overflow flaw was found in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The vulnerability allows a remote attacker to cause a system crash, resulting in a denial of service, or execute arbitrary code. The highest threat with this vulnerability is with the availability of the system. If code execution occurs, the code will run with the permissions of root. This will affect both confidentiality and integrity of files on the system.
Kernel
fortify: Detect struct member overflows in memcpy() at compile-time
kernel_security·2021-04-20
CVE-2019-0145 fortify: Detect struct member overflows in memcpy() at compile-time
memcpy() is dead; long live memcpy()
tl;dr: In order to eliminate a large class of common buffer overflow
flaws that continue to persist in the kernel, have memcpy() (under
CONFIG_FORTIFY_SOURCE) perform bounds checking of the destination struct
member when they have a known size. This would have caught all of the
memcpy()-related buffer write overflow flaws identified in at least the
last three years.
Background and analysis:
While stack-based buffer overflow flaws are largely mitigated by stack
canaries (and similar) features, heap-based buffer overflow flaws continue
to regularly appear in the kernel. Many classes of heap buffer overflows
are mitigated by FORTIFY_SOURCE when using the strcpy() family of
functions, b
OSV
linux-hwe vulnerabilities
osv·2020-01-18·CVSS 9.8
CVE-2019-14895 [CRITICAL] linux-hwe vulnerabilities
USN-4225-1 fixed vulnerabilities in the Linux kernel for Ubuntu 19.10.
This update provides the corresponding updates for the Linux Hardware
Enablement (HWE) kernel from Ubuntu 19.10 for Ubuntu 18.04 LTS.
It was discovered that a heap-based buffer overflow existed in the Marvell
WiFi-Ex Driver for the Linux kernel. A physically proximate attacker could
use this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2019-14895, CVE-2019-14901)
It was discovered that a heap-based buffer overflow existed in the Marvell
Libertas WLAN Driver for the Linux kernel. A physically proximate attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2019-14896, CVE-2019-14897)
It was discover
OSV
linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities
osv·2020-01-07·CVSS 9.8
CVE-2019-14895 [CRITICAL] linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities
It was discovered that a heap-based buffer overflow existed in the Marvell
WiFi-Ex Driver for the Linux kernel. A physically proximate attacker could
use this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2019-14895, CVE-2019-14901)
It was discovered that a heap-based buffer overflow existed in the Marvell
Libertas WLAN Driver for the Linux kernel. A physically proximate attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2019-14896, CVE-2019-14897)
Anthony Steinhauser discovered that the Linux kernel did not properly
perform Spectre_RSB mitigations to all processors for PowerPC architecture
systems in some situations
OSV
linux-azure vulnerabilities
osv·2020-01-07·CVSS 9.8
CVE-2019-14895 [CRITICAL] linux-azure vulnerabilities
USN-4227-1 fixed vulnerabilities in the Linux kernel for Ubuntu
18.04 LTS. This update provides the corresponding updates for the
Linux kernel for Microsoft Azure Cloud systems for Ubuntu 14.04 ESM.
It was discovered that a heap-based buffer overflow existed in the Marvell
WiFi-Ex Driver for the Linux kernel. A physically proximate attacker could
use this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2019-14895, CVE-2019-14901)
It was discovered that a heap-based buffer overflow existed in the Marvell
Libertas WLAN Driver for the Linux kernel. A physically proximate attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2019-14896, CVE-2019-14897)
It was discovered t
OSV
linux, linux-aws, linux-aws-5.0, linux-azure, linux-gcp, linux-gke-5.0, linux-kvm, linux-oem-osp1, linux-oracle, linux-oracle-5.0, linux-raspi2 vulnerabilities
osv·2020-01-07·CVSS 8.8
CVE-2019-10220 [HIGH] linux, linux-aws, linux-aws-5.0, linux-azure, linux-gcp, linux-gke-5.0, linux-kvm, linux-oem-osp1, linux-oracle, linux-oracle-5.0, linux-raspi2 vulnerabilities
Michael Hanselmann discovered that the CIFS implementation in the Linux
kernel did not sanitize paths returned by an SMB server. An attacker
controlling an SMB server could use this to overwrite arbitrary files.
(CVE-2019-10220)
It was discovered that a heap-based buffer overflow existed in the Marvell
WiFi-Ex Driver for the Linux kernel. A physically proximate attacker could
use this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2019-14895, CVE-2019-14901)
It was discovered that a heap-based buffer overflow existed in the Marvell
Libertas WLAN Driver for the Linux kernel. A physically proxi
OSV
linux-lts-xenial, linux-aws vulnerabilities
osv·2020-01-07·CVSS 9.8
[CRITICAL] linux-lts-xenial, linux-aws vulnerabilities
USN-4228-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04
LTS. This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu
14.04 ESM.
It was discovered that a heap-based buffer overflow existed in the Marvell
WiFi-Ex Driver for the Linux kernel. A physically proximate attacker could
use this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2019-14895, CVE-2019-14901)
It was discovered that a heap-based buffer overflow existed in the Marvell
Libertas WLAN Driver for the Linux kernel. A physically proximate attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2019-14896, CVE-20
OSV
linux, linux-aws, linux-aws-hwe, linux-azure, linux-gcp, linux-gke-4.15, linux-hwe, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities
osv·2020-01-07·CVSS 9.8
CVE-2019-14895 [CRITICAL] linux, linux-aws, linux-aws-hwe, linux-azure, linux-gcp, linux-gke-4.15, linux-hwe, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities
It was discovered that a heap-based buffer overflow existed in the Marvell
WiFi-Ex Driver for the Linux kernel. A physically proximate attacker could
use this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2019-14895, CVE-2019-14901)
It was discovered that a heap-based buffer overflow existed in the Marvell
Libertas WLAN Driver for the Linux kernel. A physically proximate attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2019-14896, CVE-2019-14897)
It was discovered that the Fujitsu ES network device driver for the Linux
kernel
OSV
linux, linux-aws, linux-azure, linux-azure-5.3, linux-gcp, linux-gcp-5.3, linux-kvm, linux-oracle, linux-raspi2 vulnerabilities
osv·2020-01-07·CVSS 9.8
CVE-2019-14895 [CRITICAL] linux, linux-aws, linux-azure, linux-azure-5.3, linux-gcp, linux-gcp-5.3, linux-kvm, linux-oracle, linux-raspi2 vulnerabilities
It was discovered that a heap-based buffer overflow existed in the Marvell
WiFi-Ex Driver for the Linux kernel. A physically proximate attacker could
use this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2019-14895, CVE-2019-14901)
It was discovered that a heap-based buffer overflow existed in the Marvell
Libertas WLAN Driver for the Linux kernel. A physically proximate attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2019-14896, CVE-2019-14897)
It was discovered that the Fujitsu ES network device driver for the Linux
kernel did not properly check for errors in s
OSV
CVE-2019-14901: A heap overflow flaw was found in the Linux kernel, all versions 3
osv·2019-11-29·CVSS 9.8
CVE-2019-14901 [CRITICAL] CVE-2019-14901: A heap overflow flaw was found in the Linux kernel, all versions 3
A heap overflow flaw was found in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The vulnerability allows a remote attacker to cause a system crash, resulting in a denial of service, or execute arbitrary code. The highest threat with this vulnerability is with the availability of the system. If code execution occurs, the code will run with the permissions of root. This will affect both confidentiality and integrity of files on the system.
Ubuntu
Linux kernel (HWE) vulnerabilities
vendor_ubuntu·2020-01-18·CVSS 9.8
CVE-2019-14895 [CRITICAL] Linux kernel (HWE) vulnerabilities
Title: Linux kernel (HWE) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
USN-4225-1 fixed vulnerabilities in the Linux kernel for Ubuntu 19.10.
This update provides the corresponding updates for the Linux Hardware
Enablement (HWE) kernel from Ubuntu 19.10 for Ubuntu 18.04 LTS.
It was discovered that a heap-based buffer overflow existed in the Marvell
WiFi-Ex Driver for the Linux kernel. A physically proximate attacker could
use this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2019-14895, CVE-2019-14901)
It was discovered that a heap-based buffer overflow existed in the Marvell
Libertas WLAN Driver for the Linux kernel. A physically proximate attacker
could use this to cause a denial of service (system crash) or
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2020-01-07·CVSS 9.8
CVE-2019-14895 [CRITICAL] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
It was discovered that a heap-based buffer overflow existed in the Marvell
WiFi-Ex Driver for the Linux kernel. A physically proximate attacker could
use this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2019-14895, CVE-2019-14901)
It was discovered that a heap-based buffer overflow existed in the Marvell
Libertas WLAN Driver for the Linux kernel. A physically proximate attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2019-14896, CVE-2019-14897)
It was discovered that the Fujitsu ES network device driver for the Linux
kernel did not properly check for errors in some situations, leading to
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2020-01-07·CVSS 9.8
CVE-2019-14895 [CRITICAL] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
It was discovered that a heap-based buffer overflow existed in the Marvell
WiFi-Ex Driver for the Linux kernel. A physically proximate attacker could
use this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2019-14895, CVE-2019-14901)
It was discovered that a heap-based buffer overflow existed in the Marvell
Libertas WLAN Driver for the Linux kernel. A physically proximate attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2019-14896, CVE-2019-14897)
It was discovered that the Fujitsu ES network device driver for the Linux
kernel did not properly check for errors in some situations, leading to
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2020-01-07·CVSS 9.8
CVE-2019-14895 [CRITICAL] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
It was discovered that a heap-based buffer overflow existed in the Marvell
WiFi-Ex Driver for the Linux kernel. A physically proximate attacker could
use this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2019-14895, CVE-2019-14901)
It was discovered that a heap-based buffer overflow existed in the Marvell
Libertas WLAN Driver for the Linux kernel. A physically proximate attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2019-14896, CVE-2019-14897)
Anthony Steinhauser discovered that the Linux kernel did not properly
perform Spectre_RSB mitigations to all processors for PowerPC architecture
Ubuntu
Linux kernel (Xenial HWE) vulnerabilities
vendor_ubuntu·2020-01-07·CVSS 9.8
CVE-2019-14895 [CRITICAL] Linux kernel (Xenial HWE) vulnerabilities
Title: Linux kernel (Xenial HWE) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
USN-4228-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04
LTS. This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu
14.04 ESM.
It was discovered that a heap-based buffer overflow existed in the Marvell
WiFi-Ex Driver for the Linux kernel. A physically proximate attacker could
use this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2019-14895, CVE-2019-14901)
It was discovered that a heap-based buffer overflow existed in the Marvell
Libertas WLAN Driver for the Linux kernel. A physically proximate attacker
could use this to cause a denial of service (sy
Ubuntu
Linux kernel (Azure) vulnerabilities
vendor_ubuntu·2020-01-07·CVSS 9.8
CVE-2019-14895 [CRITICAL] Linux kernel (Azure) vulnerabilities
Title: Linux kernel (Azure) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
USN-4227-1 fixed vulnerabilities in the Linux kernel for Ubuntu
18.04 LTS. This update provides the corresponding updates for the
Linux kernel for Microsoft Azure Cloud systems for Ubuntu 14.04 ESM.
It was discovered that a heap-based buffer overflow existed in the Marvell
WiFi-Ex Driver for the Linux kernel. A physically proximate attacker could
use this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2019-14895, CVE-2019-14901)
It was discovered that a heap-based buffer overflow existed in the Marvell
Libertas WLAN Driver for the Linux kernel. A physically proximate attacker
could use this to cause a denial of service (system crash) or poss
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2020-01-07·CVSS 8.8
CVE-2019-10220 [HIGH] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Michael Hanselmann discovered that the CIFS implementation in the Linux
kernel did not sanitize paths returned by an SMB server. An attacker
controlling an SMB server could use this to overwrite arbitrary files.
(CVE-2019-10220)
It was discovered that a heap-based buffer overflow existed in the Marvell
WiFi-Ex Driver for the Linux kernel. A physically proximate attacker could
use this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2019-14895, CVE-2019-14901)
It was discovered that a heap-based buffer overflow existed in the Marvell
Libertas WLAN Driver for the Linux kernel. A physically proximate attacker
could use this to cause a denial of service
Red Hat
kernel: heap overflow in marvell/mwifiex/tdls.c
vendor_redhat·2019-11-22·CVSS 9.8
CVE-2019-14901 [CRITICAL] CWE-805 kernel: heap overflow in marvell/mwifiex/tdls.c
A heap overflow flaw was found in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The vulnerability allows a remote attacker to cause a system crash, resulting in a denial of service, or execute arbitrary code. The highest threat with this vulnerability is with the availability of the system. If code execution occurs, the code will run with the permissions of root. This will affect both confidentiality and integrity of files on the system.
A heap overflow flaw was found in the Linux kernel's Marvell WiFi chip driver. The vulnerability allows a remote attacker to cause a system crash, resulting in a denial of service, or execute arbitrary code. The highest threat with this vulnerability is with the
Debian
CVE-2019-14901: linux - A heap overflow flaw was found in the Linux kernel, all versions 3.x.x and 4.x.x...
vendor_debian·2019·CVSS 9.8
CVE-2019-14901 [CRITICAL] CVE-2019-14901: linux - A heap overflow flaw was found in the Linux kernel, all versions 3.x.x and 4.x.x...
A heap overflow flaw was found in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The vulnerability allows a remote attacker to cause a system crash, resulting in a denial of service, or execute arbitrary code. The highest threat with this vulnerability is with the availability of the system. If code execution occurs, the code will run with the permissions of root. This will affect both confidentiality and integrity of files on the system.
Scope: local
bookworm: resolved (fixed in 5.4.13-1)
bullseye: resolved (fixed in 5.4.13-1)
forky: resolved (fixed in 5.4.13-1)
sid: resolved (fixed in 5.4.13-1)
trixie: resolved (fixed in 5.4.13-1)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2019-14901 kernel: heap overflow in marvell/mwifiex/tdls.c [fedora-all]
bugzilla·2019-11-25·CVSS 9.8
CVE-2019-14901 [CRITICAL] CVE-2019-14901 kernel: heap overflow in marvell/mwifiex/tdls.c [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions o
Bugzilla
CVE-2019-14901 kernel: heap overflow in marvell/mwifiex/tdls.c
bugzilla·2019-11-18·CVSS 9.8
CVE-2019-14901 [CRITICAL] CVE-2019-14901 kernel: heap overflow in marvell/mwifiex/tdls.c
A flaw was found in the Linux kernel's Marvell wifi chip driver. A heap overflow in the mwifiex_process_tdls_action_frame function in marvell/mwifiex/tdls.c allows remote attackers to cause a denial of service (system crash) or execute arbitrary code. A station that receives a TDLS setup request or response frame in which the EID_SUPP_RATES IE's length is larger than 32 will hit the heap overflow.
Discussion:
Proposed patch:
https://patchwork.kernel.org/patch/11257535/
---
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 1776184]
---
Acknowledgments:
Name: Huangwen and Wang Qize (ADLab of VenusTech)
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8.0 Update Services for
- http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html
- http://packetstormsecurity.com/files/155879/Kernel-Live-Patch-Security-Notice-LSN-0061-1.html
- http://packetstormsecurity.com/files/156185/Kernel-Live-Patch-Security-Notice-LSN-0062-1.html
- https://access.redhat.com/errata/RHSA-2020:0204
- https://access.redhat.com/errata/RHSA-2020:0328
- https://access.redhat.com/errata/RHSA-2020:0339
- https://access.redhat.com/errata/RHSA-2020:0374
- https://access.redhat.com/errata/RHSA-2020:0375
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14901
- https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html
- https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D4ISVNIC44SOGXTUBCIZFSUNQJ5LRKNZ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MN6MLCN7G7VFTSXSZYXKXEFCUMFBUAXQ/
- https://usn.ubuntu.com/4225-1/
- https://usn.ubuntu.com/4225-2/
- https://usn.ubuntu.com/4226-1/
- https://usn.ubuntu.com/4227-1/
- https://usn.ubuntu.com/4227-2/
- https://usn.ubuntu.com/4228-1/
- https://usn.ubuntu.com/4228-2/
Published: 2019-11-29