CVE-2019-14901

Published: Nov 29, 2019Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

A heap overflow flaw was found in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The vulnerability allows a remote attacker to cause a system crash, resulting in a denial of service, or execute arbitrary code. The highest threat with this vulnerability is with the availability of the system. If code execution occurs, the code will run with the permissions of root. This will affect both confidentiality and integrity of files on the system.

Affected (13)

Products: Linux: Linux Kernel · Fedoraproject: Fedora · Debian: Debian Linux · +1 more

Show all products

Linux: Linux Kernel · Fedoraproject: Fedora · Debian: Debian Linux · Canonical: Ubuntu Linux

1 product

1 product

1 product

1 product

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	From 3.15 to 3.16.83
Linux Linux Kernel	From 3.17 to 4.4.217
Linux Linux Kernel	From 4.10 to 4.14.164
Linux Linux Kernel	From 4.15 to 4.19.95
Linux Linux Kernel	From 4.20 to 5.4.11
Linux Linux Kernel	From 4.5 to 4.9.217

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 30
Fedoraproject Fedora	Version 31

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 8.0

Configuration D

4 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 14.04
Canonical Ubuntu Linux	Version 16.04
Canonical Ubuntu Linux	Version 18.04
Canonical Ubuntu Linux	Version 19.10

Related CWEs

CWE-122

Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

CWE-400

Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (40)

http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://packetstormsecurity.com/files/155879/Kernel-Live-Patch-Security-Notice-LSN-0061-1.html

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

http://packetstormsecurity.com/files/156185/Kernel-Live-Patch-Security-Notice-LSN-0062-1.html

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

https://access.redhat.com/errata/RHSA-2020:0204

Source: secalert@redhat.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2020:0328

Source: secalert@redhat.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2020:0339

Source: secalert@redhat.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2020:0374

Source: secalert@redhat.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2020:0375

Source: secalert@redhat.com

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14901

Source: secalert@redhat.com

Issue TrackingThird Party Advisory

https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html

Source: secalert@redhat.com

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html

Source: secalert@redhat.com

Third Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D4ISVNIC44SOGXTUBCIZFSUNQJ5LRKNZ/

Source: secalert@redhat.com

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MN6MLCN7G7VFTSXSZYXKXEFCUMFBUAXQ/

Source: secalert@redhat.com

https://usn.ubuntu.com/4225-1/

Source: secalert@redhat.com

Third Party Advisory

https://usn.ubuntu.com/4225-2/

Source: secalert@redhat.com

Third Party Advisory

https://usn.ubuntu.com/4226-1/

Source: secalert@redhat.com

Third Party Advisory

https://usn.ubuntu.com/4227-1/

Source: secalert@redhat.com

Third Party Advisory

https://usn.ubuntu.com/4227-2/

Source: secalert@redhat.com

Third Party Advisory

https://usn.ubuntu.com/4228-1/

Source: secalert@redhat.com

Third Party Advisory

https://usn.ubuntu.com/4228-2/

Source: secalert@redhat.com

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html