A vulnerability classified as critical was found in Linux Kernel up to 3.x/4.17.x (Operating System). Affected by this vulnerability is an unknown code of the component Marvell Wifi Chip Driver. The manipulation with an unknown input leads to a heap-based overflow vulnerability. The CWE definition for the vulnerability is CWE-122. A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc(). As an impact it is known to affect confidentiality, integrity, and availability. The summary by CVE is:

A heap-based buffer overflow was discovered in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The flaw could occur when the station attempts a connection negotiation during the handling of the remote devices country settings. This could allow the remote device to cause a denial of service (system crash) or possibly execute arbitrary code.

The weakness was released 11/29/2019 (Website). The advisory is shared at lists.fedoraproject.org. This vulnerability is known as CVE-2019-14895 since 08/10/2019. The attack needs to be initiated within the local network. A single authentication is needed for exploitation. Neither technical details nor an exploit are publicly available.

Upgrading to version 4.18.0 eliminates this vulnerability.

Entries connected to this vulnerability are available at 146522 and 146523.

Productinfo

Type

• Operating System

Vendor

• Linux

Name

• Kernel

Version

• 3.x
• 4.0
• 4.1
• 4.2
• 4.3
• 4.4
• 4.5
• 4.6
• 4.7
• 4.8
• 4.9
• 4.10
• 4.11
• 4.12
• 4.13
• 4.14
• 4.15
• 4.16
• 4.17

License

• open-source

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion