Severity: 8.8 HIGH
EPSS: 1.1% (top 21.81%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Jun 3
Latest update: May 24

Description

A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (5 packages)

NVD | linux/linux_kernel | 3.03.16.70 | +5
CVEListV5 | kernel | n/a
Debian | linux | < 4.19.37-4 | +3
NVD | opensuse/leap | 15.0, 15.1, 42.3 | +2

Also affects: Debian Linux 8.0, 9.0, Fedora 29, 30, Ubuntu Linux 14.04, 16.04, 18.04, 19.04, Enterprise Linux 6.0, 7.0, 8.0

Patches

🔴 Vulnerability Details (4)

GHSA | GHSA-3fcq-fcfj-jgfq: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malici | 2022-05-24
CVEList | CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malici | 2019-06-03
OSV | CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malici | 2019-06-03
Kernel | mwifiex: Fix possible buffer overflows at parsing bss descriptor | 2019-05-29

📋 Vendor Advisories (8)

Ubuntu | Linux kernel (AWS) vulnerabilities | 2019-09-02
Ubuntu | Linux kernel (AWS) vulnerabilities | 2019-09-02
Ubuntu | Linux kernel (Xenial HWE) vulnerabilities | 2019-08-13
Ubuntu | Linux kernel vulnerabilities | 2019-08-13
Ubuntu | Linux kernel vulnerabilities | 2019-08-13

💬 Community (3)

Bugzilla | CVE-2019-1010060 cfitsio: buffer overflow leads to arbitrary code execution | 2020-06-25
Bugzilla | CVE-2019-3846 kernel: Heap overflow in mwifiex_update_bss_desc_with_ie function in marvell/mwifiex/scan.c [fedora-all] | 2019-05-30
Bugzilla | CVE-2019-3846 kernel: Heap overflow in mwifiex_update_bss_desc_with_ie function in marvell/mwifiex/scan.c | 2019-05-22
CVE-2019-3846 (HIGH CVSS 8.8) | A flaw that allowed an attacker to | cvebase.io