CVE-2020-12654 — Out-of-bounds Write in Kernel
Severity
NVD: 7.1 HIGH
OSV: 5.5
EPSS
0.4%
top 39.24%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: May 5
Latest update: Apr 12
Description
An issue was found in Linux kernel before 5.5.4. mwifiex_ret_wmm_get_status() in drivers/net/wireless/marvell/mwifiex/wmm.c allows a remote AP to trigger a heap-based buffer overflow because of an incorrect memcpy, aka CID-3a9b153c5591.
CVSS vector
CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.2 | Impact: 5.9
Affected Packages: 7 packages
Patches
Vulnerability Details (4)
Vendor Advisories (5)
Microsoft
An issue was found in Linux kernel before 5.5.4. mwifiex_ret_wmm_get_status() in drivers/net/wireless/marvell/mwifiex/wmm.c allows a remote AP to trigger a heap-based buffer overflow because of an inc (2020-05-12)
Red Hat
kernel: heap-based buffer overflow in mwifiex_ret_wmm_get_status function in drivers/net/wireless/marvell/mwifiex/wmm.c (2020-01-27)
Debian
CVE-2020-12654: linux - An issue was found in Linux kernel before 5.5.4. mwifiex_ret_wmm_get_status() in... (2020)
Research Papers (1)
Community (2)
Bugzilla
CVE-2020-12654 kernel: heap-based buffer overflow in mwifiex_ret_wmm_get_status function in drivers/net/wireless/marvell/mwifiex/wmm.c (2020-05-06)
Bugzilla
CVE-2020-12654 kernel: heap-based buffer overflow in mwifiex_ret_wmm_get_status function in drivers/net/wireless/marvell/mwifiex/wmm.c [fedora-all] (2020-05-06)