A vulnerability was found in the Marvell WiFi chip driver in the Linux kernel. There is a heap-based buffer overflow while attempting a connection negotiation, during the handling of the remote device's country settings (when a STA connects to an AP, the mwifiex_process_country_ie function is called for the STA). This could allow the remote device to cause a denial of service (system crash) or possibly execute arbitrary code.
Upstream Patch: https://patchwork.kernel.org/patch/11256477/
External References: https://www.openwall.com/lists/oss-security/2019/11/22/2
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1776139]
Acknowledgments: Name: ADLab of Venustech
Reference: https://lore.kernel.org/linux-wireless/1574352278-7592-1-git-send-email-gbhat@marvell.com/T/#u
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:0328 https://access.redhat.com/errata/RHSA-2020:0328
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:0339 https://access.redhat.com/errata/RHSA-2020:0339
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-14895
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:0374 https://access.redhat.com/errata/RHSA-2020:0374
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:0375 https://access.redhat.com/errata/RHSA-2020:0375
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.5 Extended Update Support Via RHSA-2020:0543 https://access.redhat.com/errata/RHSA-2020:0543
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.4 Advanced Update Support; Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions; Red Hat Enterprise Linux 7.4 Telco Extended Update Support. Via RHSA-2020:0592 https://access.redhat.com/errata/RHSA-2020:0592
This issue has been addressed in the following products: Red Hat Enterprise MRG 2 Via RHSA-2020:0609 https://access.redhat.com/errata/RHSA-2020:0609
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.3 Advanced Update Support; Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions; Red Hat Enterprise Linux 7.3 Telco Extended Update Support. Via RHSA-2020:0653 https://access.redhat.com/errata/RHSA-2020:0653
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.2 Advanced Update Support Via RHSA-2020:0661 https://access.redhat.com/errata/RHSA-2020:0661
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.6 Extended Update Support Via RHSA-2020:0664 https://access.redhat.com/errata/RHSA-2020:0664
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions Via RHSA-2020:0831 https://access.redhat.com/errata/RHSA-2020:0831
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:1493 https://access.redhat.com/errata/RHSA-2020:1493