Bug 1744149 (CVE-2019-14816) - CVE-2019-14816 kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell WiFi driver
Summary: CVE-2019-14816 kernel: heap overflow in mwifiex_update_vs_ie() function of Ma...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2019-14816
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1775484 1776607 1776609 1776610 1776611 1776612 1776613 1776614 1776615 1776616 1776617 1776618 1776619 1776620 1776621 1776622 1776623 1776624 1776625 1776626 1776627 1776628 1776629 1776630 1776642 1776650 1776651 1776652 1776653 1776654 1776655 1776656 1776657 1776658
Blocks: 1744150
TreeView+ depends on / blocked
 
Reported: 2019-08-21 12:54 UTC by Marian Rehak
Modified: 2021-02-16 21:28 UTC (History)
52 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A vulnerability was found in the Linux kernel's Marvell WiFi chip driver. Where, while parsing vendor-specific informational attributes, an attacker on the same WiFi physical network segment could cause a system crash, resulting in a denial of service, or potentially execute arbitrary code. This flaw affects the network interface at the most basic level meaning the attacker only needs to affiliate with the same network device as the vulnerable system to create an attack path.
Clone Of:
Environment:
Last Closed: 2020-01-21 20:09:48 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2020:0454 0 None None None 2020-02-10 01:39:26 UTC
Red Hat Product Errata RHBA-2020:0455 0 None None None 2020-02-10 01:48:58 UTC
Red Hat Product Errata RHBA-2020:0516 0 None None None 2020-02-17 09:36:24 UTC
Red Hat Product Errata RHBA-2020:0517 0 None None None 2020-02-17 09:30:35 UTC
Red Hat Product Errata RHBA-2020:0518 0 None None None 2020-02-17 09:30:50 UTC
Red Hat Product Errata RHBA-2020:0554 0 None None None 2020-02-19 21:45:06 UTC
Red Hat Product Errata RHSA-2020:0174 0 None None None 2020-01-21 15:50:05 UTC
Red Hat Product Errata RHSA-2020:0204 0 None None None 2020-01-22 21:25:00 UTC
Red Hat Product Errata RHSA-2020:0328 0 None None None 2020-02-04 08:52:12 UTC
Red Hat Product Errata RHSA-2020:0339 0 None None None 2020-02-04 13:12:06 UTC
Red Hat Product Errata RHSA-2020:0374 0 None None None 2020-02-04 19:30:36 UTC
Red Hat Product Errata RHSA-2020:0375 0 None None None 2020-02-04 19:30:49 UTC
Red Hat Product Errata RHSA-2020:0653 0 None None None 2020-03-03 08:36:51 UTC
Red Hat Product Errata RHSA-2020:0661 0 None None None 2020-03-03 10:04:19 UTC
Red Hat Product Errata RHSA-2020:0664 0 None None None 2020-03-03 15:17:46 UTC
Red Hat Product Errata RHSA-2020:1266 0 None None None 2020-04-01 08:33:13 UTC
Red Hat Product Errata RHSA-2020:1347 0 None None None 2020-04-07 09:33:47 UTC
Red Hat Product Errata RHSA-2020:1353 0 None None None 2020-04-07 09:16:45 UTC

Description Marian Rehak 2019-08-21 12:54:03 UTC 
There is heap-based buffer overflow in marvell wifi chip driver in Linux kernel while parsing vendor specific infomormational attributes allows an attacker on the same wifi physical network segment to cause a denial of service(system crash) or possibly execute arbitrary code.
Comment 1 msiddiqu 2019-08-28 19:22:43 UTC 
Upstream patch: 

https://lore.kernel.org/linux-wireless/20190828020751.13625-1-huangwenabc@gmail.com/
Comment 2 msiddiqu 2019-08-28 19:57:55 UTC 
Acknowledgments:

Name: Huangwen (ADLab of Venustech)
Comment 3 msiddiqu 2019-08-28 20:01:37 UTC 
References: 

https://www.openwall.com/lists/oss-security/2019/08/28/1
Comment 5 Wade Mealing 2019-11-22 04:49:09 UTC 
External References:

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7caac62ed598a196d6ddf8d9c121e12e082cac3a
Comment 10 Wade Mealing 2019-11-26 05:07:50 UTC 
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1776607]
Comment 14 Wade Mealing 2019-11-26 05:35:37 UTC 
Mitigation:

At this time there is no mitigation to the flaw, if you are able to disable wireless and your system is able to work this will be a temporary mitigation until a kernel update is available for installation.
Comment 17 Justin M. Forbes 2019-11-26 14:04:17 UTC 
This was fixed for Fedora with the 5.2.17 stable kernel update.
Comment 20 errata-xmlrpc 2020-01-21 15:50:00 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2020:0174 https://access.redhat.com/errata/RHSA-2020:0174
Comment 21 Product Security DevOps Team 2020-01-21 20:09:48 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2019-14816
Comment 22 errata-xmlrpc 2020-01-22 21:26:44 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions

Via RHSA-2020:0204 https://access.redhat.com/errata/RHSA-2020:0204
Comment 23 errata-xmlrpc 2020-02-04 08:51:56 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2020:0328 https://access.redhat.com/errata/RHSA-2020:0328
Comment 24 errata-xmlrpc 2020-02-04 13:12:02 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2020:0339 https://access.redhat.com/errata/RHSA-2020:0339
Comment 25 errata-xmlrpc 2020-02-04 19:30:32 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2020:0374 https://access.redhat.com/errata/RHSA-2020:0374
Comment 26 errata-xmlrpc 2020-02-04 19:30:47 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2020:0375 https://access.redhat.com/errata/RHSA-2020:0375
Comment 29 errata-xmlrpc 2020-03-03 08:36:45 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.3 Advanced Update Support
  Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions
  Red Hat Enterprise Linux 7.3 Telco Extended Update Support

Via RHSA-2020:0653 https://access.redhat.com/errata/RHSA-2020:0653
Comment 30 errata-xmlrpc 2020-03-03 10:04:15 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.2 Advanced Update Support

Via RHSA-2020:0661 https://access.redhat.com/errata/RHSA-2020:0661
Comment 31 errata-xmlrpc 2020-03-03 15:17:43 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.6 Extended Update Support

Via RHSA-2020:0664 https://access.redhat.com/errata/RHSA-2020:0664
Comment 33 errata-xmlrpc 2020-04-01 08:33:04 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.5 Extended Update Support

Via RHSA-2020:1266 https://access.redhat.com/errata/RHSA-2020:1266
Comment 34 errata-xmlrpc 2020-04-07 09:16:37 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise MRG 2

Via RHSA-2020:1353 https://access.redhat.com/errata/RHSA-2020:1353
Comment 35 errata-xmlrpc 2020-04-07 09:33:43 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.4 Advanced Update Support
  Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 7.4 Telco Extended Update Support

Via RHSA-2020:1347 https://access.redhat.com/errata/RHSA-2020:1347
Note You need to log in before you can comment on or make changes to this bug.