Bug 1744137 (CVE-2019-14815)
Summary: | CVE-2019-14815 kernel: heap-overflow in mwifiex_set_wmm_params() function of Marvell WiFi driver leading to DoS |
---|---|
Product: | [Other] Security Response |
Component: | vulnerability |
Reporter: | Marian Rehak <mrehak> |
Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA |
Severity: | medium |
Priority: | medium |
Version: | unspecified |
Keywords: | Security |
Hardware: | All |
OS: | Linux |
CC: | acaringi, airlied, bhu, blc, brdeoliv, bskeggs, darunesh, dhoward, dvlasenk, esammons, fhrbata, hdegoede, hkrzesin, iboverma, ichavero, itamar, jarod, jarodwilson, jeremy, jforbes, jglisse, jlelli, john.j5live, jonathan, josef, jross, jshortt, jstancek, jwboyer, kernel-maint, kernel-mgr, kyoshida, labbott, lgoncalv, linville, masami256, matt, mchehab, mcressma, mjg59, mlangsdo, msiddiqu, nmurray, plougher, pmatouse, rt-maint, rvrbovsk, security-response-team, steved, williams, wmealing |
Doc Type: | If docs needed, set a value |
Doc Text: | A vulnerability found in the Linux kernel's WMM implementation for Marvell WiFi-based hardware (mwifiex) could lead to a denial of service or allow arbitrary code execution. For this flaw to be executed, the attacker must be both local and privileged. There is no mitigation to this flaw. A patch has been provided to remediate this flaw. |
Last Closed: | 2020-01-21 20:09:43 UTC |
Bug Depends On: | 1776225, 1776242, 1776243, 1776244, 1776245, 1776246, 1776247, 1776618, 1776622, 1785197, 1785198 |
Bug Blocks: | 1744138 |
Description
Marian Rehak
2019-08-21 12:36:34 UTC
Acknowledgments:

Name: Huangwen (ADLab of Venustech)

For some reason, I'm not able to access bug 1744138, which I'd assume is the RHEL-8-specific bug I need to address in my wireless update... Can someone please take a look at this? Prepping a big wireless update for RHEL-8 right now, and want to include all these CVE bugs.

FWIW, I cannot see bug 1744138 either.

Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 1776225]

These are not rhel8 bugs, that's a task bug that is private to product security team. I'll be making the trackers for this today.

This was fixed for Fedora with the 5.2.17 stable kernel updates.

This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2020:0174 https://access.redhat.com/errata/RHSA-2020:0174

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):
https://access.redhat.com/security/cve/cve-2019-14815

This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2020:0328 https://access.redhat.com/errata/RHSA-2020:0328

This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2020:0339 https://access.redhat.com/errata/RHSA-2020:0339