Bug 1716992 (CVE-2019-10126) - CVE-2019-10126 kernel: Heap overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c
Summary: CVE-2019-10126 kernel: Heap overflow in mwifiex_uap_parse_tail_ies function i...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2019-10126
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1720122 1721742 1721743 1721744 1721745 1721746 1721747 1721748 1721749 1721750 1753284 1825885 1825886 1825887 1825888 1825889 1825890
Blocks: 1716993
TreeView+ depends on / blocked
 
Reported: 2019-06-04 13:57 UTC by Pedro Sampaio
Modified: 2024-05-27 23:37 UTC (History)
49 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the mwifiex implementation in the Linux kernel. A system connecting to wireless access point could be manipulated by an attacker with advanced permissions on the access point into localized memory corruption or possibly privilege escalation.
Clone Of:
Environment:
Last Closed: 2019-10-16 06:51:15 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2019:3176 0 None None None 2019-10-22 14:07:07 UTC
Red Hat Product Errata RHBA-2019:3184 0 None None None 2019-10-23 19:19:41 UTC
Red Hat Product Errata RHBA-2019:3185 0 None None None 2019-10-23 19:19:50 UTC
Red Hat Product Errata RHBA-2019:3288 0 None None None 2019-10-31 16:53:05 UTC
Red Hat Product Errata RHBA-2019:3879 0 None None None 2019-11-14 08:04:38 UTC
Red Hat Product Errata RHBA-2019:3880 0 None None None 2019-11-14 08:14:44 UTC
Red Hat Product Errata RHSA-2019:3055 0 None None None 2019-10-15 17:46:02 UTC
Red Hat Product Errata RHSA-2019:3076 0 None None None 2019-10-15 17:48:39 UTC
Red Hat Product Errata RHSA-2019:3089 0 None None None 2019-10-16 07:57:05 UTC
Red Hat Product Errata RHSA-2019:3309 0 None None None 2019-11-05 20:35:35 UTC
Red Hat Product Errata RHSA-2019:3517 0 None None None 2019-11-05 21:06:17 UTC
Red Hat Product Errata RHSA-2020:0174 0 None None None 2020-01-21 15:49:52 UTC
Red Hat Product Errata RHSA-2020:0204 0 None None None 2020-01-22 21:24:53 UTC
Red Hat Product Errata RHSA-2020:2289 0 None None None 2020-05-26 11:17:10 UTC

Description Pedro Sampaio 2019-06-04 13:57:11 UTC 
A flaw was found in the Linux kernels implementation of the mwifiex wireless kernel driver.  A remote attacker in control of an wireless access point may be able to create a heap-overflow in the access-point handling code. This heap overflow may lead to memory corruption and possibly priviledge escalation.

References:

https://lore.kernel.org/linux-wireless/20190531131841.7552-1-tiwai@suse.de/
Comment 1 Pedro Sampaio 2019-06-04 13:57:15 UTC 
Acknowledgments:

Name: huangwen (ADLab of Venustech)
Comment 2 Marian Rehak 2019-06-13 08:03:30 UTC 
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1720122]
Comment 5 Justin M. Forbes 2019-06-18 17:58:41 UTC 
This is fixed for Fedora in the 5.1.11 stable kernel updates.
Comment 9 errata-xmlrpc 2019-10-15 17:46:00 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2019:3055 https://access.redhat.com/errata/RHSA-2019:3055
Comment 10 errata-xmlrpc 2019-10-15 17:48:36 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2019:3076 https://access.redhat.com/errata/RHSA-2019:3076
Comment 11 Product Security DevOps Team 2019-10-16 06:51:15 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2019-10126
Comment 12 errata-xmlrpc 2019-10-16 07:57:02 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2019:3089 https://access.redhat.com/errata/RHSA-2019:3089
Comment 17 errata-xmlrpc 2019-11-05 20:35:33 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2019:3309 https://access.redhat.com/errata/RHSA-2019:3309
Comment 18 errata-xmlrpc 2019-11-05 21:06:14 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2019:3517 https://access.redhat.com/errata/RHSA-2019:3517
Comment 21 errata-xmlrpc 2020-01-21 15:49:46 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2020:0174 https://access.redhat.com/errata/RHSA-2020:0174
Comment 22 errata-xmlrpc 2020-01-22 21:24:51 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions

Via RHSA-2020:0204 https://access.redhat.com/errata/RHSA-2020:0204
Comment 26 errata-xmlrpc 2020-05-26 11:17:06 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.6 Extended Update Support

Via RHSA-2020:2289 https://access.redhat.com/errata/RHSA-2020:2289
Note You need to log in before you can comment on or make changes to this bug.