CVE-2019-14906

Current Description

A heap-based buffer overflow vulnerability was found in the Linux kernel, version kernel-2.6.32, in the Marvell WiFi chip driver. A remote attacker could cause a denial of service (system crash) or possibly execute arbitrary code when the lbs_ibss_join_existing function is called after a STA connects to an AP.

Basic Data

Published: November 27, 2019
Last Modified: January 03, 2020
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-787
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: COMPLETE
CVSS 2 - Availability Impact: COMPLETE
CVSS 2 - Base Score: 10.0
Severity: HIGH
Exploitability Score: 10.0
Impact Score: 10.0
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

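  • OR - Configuration 1
    | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
    | 2.3 | OS | Linux | Linux Kernel | 2.6.32 | * | * | * | * | * | * | * |  |  |  |  |
  • OR - Configuration 2
    | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
    | 2.3 | OS | Fedoraproject | Fedora | 30 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | OS | Fedoraproject | Fedora | 31 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | OS | Redhat | Enterprise Linux | 6.0 | * | * | * | * | * | * | * |  |  |  |  |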

Vulnerable Software List

| Vendor | Product | Versions |
| Redhat | Enterprise Linux | 6.0 |
| Linux | Linux Kernel | 2.6.32 |
| Fedoraproject | Fedora | 30, 31 |

References

| Name | Source | URL | Tags |
| openSUSE-SU-2020:0336 | SUSE | http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html |  |
| http://packetstormsecurity.com/files/155879/Kernel-Live-Patch-Security-Notice-LSN-0061-1.html | MISC | http://packetstormsecurity.com/files/155879/Kernel-Live-Patch-Security-Notice-LSN-0061-1.html |  |
| http://packetstormsecurity.com/files/156185/Kernel-Live-Patch-Security-Notice-LSN-0062-1.html | MISC | http://packetstormsecurity.com/files/156185/Kernel-Live-Patch-Security-Notice-LSN-0062-1.html |  |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14896 | CONFIRM | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14896 | Issue Tracking, Third Party Advisory |
| [debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update | MLIST | https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html |  |
| [debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update | MLIST | https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html |  |
| FEDORA-2019-8846a1a5a2 | FEDORA | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D4ISV | Third Party Advisory |
| FEDORA-2019-91f6e7bb71 | FEDORA | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MN6ML | Third Party Advisory |
| https://security.netapp.com/advisory/ntap-20200103-0001/ | CONFIRM | https://security.netapp.com/advisory/ntap-20200103-0001/ |  |
| USN-4225-1 | UBUNTU | https://usn.ubuntu.com/4225-1/ |  |
| USN-4225-2 | UBUNTU | https://usn.ubuntu.com/4225-2/ |  |
| USN-4226-1 | UBUNTU | https://usn.ubuntu.com/4226-1/ |  |
| USN-4227-1 | UBUNTU | https://usn.ubuntu.com/4227-1/ |  |
| USN-4227-2 | UBUNTU | https://usn.ubuntu.com/4227-2/ |  |
| USN-4228-1 | UBUNTU | https://usn.ubuntu.com/4228-1/ |  |
| USN-4228-2 | UBUNTU | https://usn.ubuntu.com/4228-2/ |  |