1774879 – (CVE-2019-14897) CVE-2019-14897 kernel: stack-based buffer overflow in add_ie_rates function in drivers/net/wireless/marvell/libertas/cfg.c

Bug 1774879 (CVE-2019-14897) - CVE-2019-14897 kernel: stack-based buffer overflow in add_ie_rates function in drivers/net/wireless/marvell/libertas/cfg.c

Summary: CVE-2019-14897 kernel: stack-based buffer overflow in add_ie_rates function i...

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2019-14897
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1776146 1776558 1776559 1776560
Blocks:	1774880
TreeView+	depends on / blocked

Reported:	2019-11-21 07:57 UTC by Dhananjay Arunesh
Modified:	2021-10-27 10:50 UTC (History)
CC List:	45 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:	A stack-based buffer overflow was found in the Linux kernel's Marvell WiFi chip driver. An attacker is able to cause a denial of service (system crash) or, possibly execute arbitrary code, when a STA works in IBSS mode (allows connecting stations together without the use of an AP) and connects to another STA.
Clone Of:
Environment:
Last Closed:	2021-10-27 10:50:43 UTC

Attachments	(Terms of Use)

Description Dhananjay Arunesh 2019-11-21 07:57:25 UTC

A vulnerability was found in marvell wifi chip driver in Linux kernel. There is a stack-based buffer overflow in add_ie_rates function in drivers/net/wireless/marvell/libertas/cfg.c allows remote attackers to cause a denial of service(system crash) or possibly execute arbitrary code. When some STAs work in IBSS mode, they can connect to each other without AP. lbs_ibss_join_existing will be called  when STA joins IBSS network.

Proposed upstream patch:
https://patchwork.kernel.org/patch/11257187/

Comment 1 msiddiqu 2019-11-25 06:54:55 UTC

Upstream patch: 

https://patchwork.kernel.org/patch/11257187/

Comment 3 Marian Rehak 2019-11-25 08:36:27 UTC

Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1776146]

Comment 4 msiddiqu 2019-11-25 09:35:05 UTC

Acknowledgments:

Name: ADLab of Venustech

Note You need to log in before you can comment on or make changes to this bug.

acaringi
airlied
bdettelb
bhu
blc
brdeoliv
bskeggs
dhoward
dvlasenk
esammons
fhrbata
hdegoede
hkrzesin
iboverma
ichavero
itamar
jarodwilson
jeremy
jforbes
jlelli
john.j5live
jonathan
josef
jross
jshortt
jstancek
jwboyer
kernel-maint
kernel-mgr
lgoncalv
linville
masami256
mchehab
mcressma
mjg59
mlangsdo
nmurray
qzhao
rrakesh2
rt-maint
rvrbovsk
security-response-team
steved
williams
wmealing