Bug 1716992 (CVE-2019-10126) - CVE-2019-10126 kernel: Heap overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c
Summary: CVE-2019-10126 kernel: Heap overflow in mwifiex_uap_parse_tail_ies function i...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2019-10126
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1720122 1721742 1721743 1721744 1721745 1721746 1721747 1721748 1721749 1721750 1753284 1825885 1825886 1825887 1825888 1825889 1825890
Blocks: 1716993
TreeView+ depends on / blocked
 
Reported: 2019-06-04 13:57 UTC by Pedro Sampaio
Modified: 2024-05-27 23:37 UTC (History)
49 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the mwifiex implementation in the Linux kernel. A system connecting to wireless access point could be manipulated by an attacker with advanced permissions on the access point into localized memory corruption or possibly privilege escalation.
Clone Of:
Environment:
Last Closed: 2019-10-16 06:51:15 UTC
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2019:3176 0 None None None 2019-10-22 14:07:07 UTC
Red Hat Product Errata RHBA-2019:3184 0 None None None 2019-10-23 19:19:41 UTC
Red Hat Product Errata RHBA-2019:3185 0 None None None 2019-10-23 19:19:50 UTC
Red Hat Product Errata RHBA-2019:3288 0 None None None 2019-10-31 16:53:05 UTC
Red Hat Product Errata RHBA-2019:3879 0 None None None 2019-11-14 08:04:38 UTC
Red Hat Product Errata RHBA-2019:3880 0 None None None 2019-11-14 08:14:44 UTC
Red Hat Product Errata RHSA-2019:3055 0 None None None 2019-10-15 17:46:02 UTC
Red Hat Product Errata RHSA-2019:3076 0 None None None 2019-10-15 17:48:39 UTC
Red Hat Product Errata RHSA-2019:3089 0 None None None 2019-10-16 07:57:05 UTC
Red Hat Product Errata RHSA-2019:3309 0 None None None 2019-11-05 20:35:35 UTC
Red Hat Product Errata RHSA-2019:3517 0 None None None 2019-11-05 21:06:17 UTC
Red Hat Product Errata RHSA-2020:0174 0 None None None 2020-01-21 15:49:52 UTC
Red Hat Product Errata RHSA-2020:0204 0 None None None 2020-01-22 21:24:53 UTC
Red Hat Product Errata RHSA-2020:2289 0 None None None 2020-05-26 11:17:10 UTC

Description Pedro Sampaio 2019-06-04 13:57:11 UTC
A flaw was found in the Linux kernels implementation of the mwifiex wireless kernel driver.  A remote attacker in control of an wireless access point may be able to create a heap-overflow in the access-point handling code. This heap overflow may lead to memory corruption and possibly priviledge escalation.

References:

https://lore.kernel.org/linux-wireless/20190531131841.7552-1-tiwai@suse.de/

Comment 1 Pedro Sampaio 2019-06-04 13:57:15 UTC
Acknowledgments:

Name: huangwen (ADLab of Venustech)

Comment 2 Marian Rehak 2019-06-13 08:03:30 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1720122]

Comment 5 Justin M. Forbes 2019-06-18 17:58:41 UTC
This is fixed for Fedora in the 5.1.11 stable kernel updates.

Comment 9 errata-xmlrpc 2019-10-15 17:46:00 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2019:3055 https://access.redhat.com/errata/RHSA-2019:3055

Comment 10 errata-xmlrpc 2019-10-15 17:48:36 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2019:3076 https://access.redhat.com/errata/RHSA-2019:3076

Comment 11 Product Security DevOps Team 2019-10-16 06:51:15 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2019-10126

Comment 12 errata-xmlrpc 2019-10-16 07:57:02 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2019:3089 https://access.redhat.com/errata/RHSA-2019:3089

Comment 17 errata-xmlrpc 2019-11-05 20:35:33 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2019:3309 https://access.redhat.com/errata/RHSA-2019:3309

Comment 18 errata-xmlrpc 2019-11-05 21:06:14 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2019:3517 https://access.redhat.com/errata/RHSA-2019:3517

Comment 21 errata-xmlrpc 2020-01-21 15:49:46 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2020:0174 https://access.redhat.com/errata/RHSA-2020:0174

Comment 22 errata-xmlrpc 2020-01-22 21:24:51 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions

Via RHSA-2020:0204 https://access.redhat.com/errata/RHSA-2020:0204

Comment 26 errata-xmlrpc 2020-05-26 11:17:06 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.6 Extended Update Support

Via RHSA-2020:2289 https://access.redhat.com/errata/RHSA-2020:2289


Note You need to log in before you can comment on or make changes to this bug.