CVE-2020-12653

Published: May 5, 2020Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

An issue was found in Linux kernel before 5.5.4. The mwifiex_cmd_append_vsie_tlv() function in drivers/net/wireless/marvell/mwifiex/scan.c allows local users to gain privileges or cause a denial of service because of an incorrect memcpy and buffer overflow, aka CID-b70261a288ea.

Affected (23)

Products: Linux: Linux Kernel · Opensuse: Leap · Debian: Debian Linux · +1 more

Show all products

1 product

1 product

1 product

19 products

Active Iq Unified Manager

Steelstore Cloud Integrated Storage

Hci Compute Node Firmware

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	Before 5.5.4

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Opensuse Leap	Version 15.1

Configuration C

2 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 8.0
Debian Debian Linux	Version 9.0

Configuration D

6 vulnerable

Vulnerable Software	Affected Versions
Netapp Active Iq Unified Manager	All versions
Netapp Cloud Backup	All versions
Netapp Element Software	All versions
Netapp Hci Management Node	All versions
Netapp Solidfire	All versions
Netapp Steelstore Cloud Integrated Storage	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp Hci Compute Node Firmware	All versions

Running on/with	Platform Versions
Netapp Hci Compute Node	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp A700s Firmware	All versions

Running on/with	Platform Versions
Netapp A700s	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp H300s Firmware	All versions

Running on/with	Platform Versions
Netapp H300s	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp H500s Firmware	All versions

Running on/with	Platform Versions
Netapp H500s	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp H700s Firmware	All versions

Running on/with	Platform Versions
Netapp H700s	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp H300e Firmware	All versions

Running on/with	Platform Versions
Netapp H300e	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp H500e Firmware	All versions

Running on/with	Platform Versions
Netapp H500e	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp H700e Firmware	All versions

Running on/with	Platform Versions
Netapp H700e	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp H410s Firmware	All versions

Running on/with	Platform Versions
Netapp H410s	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp H410c Firmware	All versions

Running on/with	Platform Versions
Netapp H410c	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp H610c Firmware	All versions

Running on/with	Platform Versions
Netapp H610c	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp H610s Firmware	All versions

Running on/with	Platform Versions
Netapp H610s	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp H615c Firmware	All versions

Running on/with	Platform Versions
Netapp H615c	All versions

Related CWEs

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (20)

http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://www.openwall.com/lists/oss-security/2020/05/08/2

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.4

Source: cve@mitre.org

Release NotesVendor Advisory

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b70261a288ea4d2f4ac7cd04be08a9f0f2de4f4d

Source: cve@mitre.org

PatchVendor Advisory

https://github.com/torvalds/linux/commit/b70261a288ea4d2f4ac7cd04be08a9f0f2de4f4d

Source: cve@mitre.org

PatchThird Party Advisory

https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://security.netapp.com/advisory/ntap-20200608-0001/

Source: cve@mitre.org

Third Party Advisory

https://www.debian.org/security/2020/dsa-4698

Source: cve@mitre.org

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://www.openwall.com/lists/oss-security/2020/05/08/2

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.4

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b70261a288ea4d2f4ac7cd04be08a9f0f2de4f4d

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://github.com/torvalds/linux/commit/b70261a288ea4d2f4ac7cd04be08a9f0f2de4f4d

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://security.netapp.com/advisory/ntap-20200608-0001/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.debian.org/security/2020/dsa-4698

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.