A flaw was found in the Linux kernel's Marvell WiFi chip driver. A heap overflow in the mwifiex_process_tdls_action_frame function in marvell/mwifiex/tdls.c allows remote attackers to cause a denial of service (system crash) or execute arbitrary code. When the station receives a TDLS setup request or response frame in which the EID_SUPP_RATES IE's length is larger than 32, a heap overflow occurs.
Proposed patch: https://patchwork.kernel.org/patch/11257535/
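The length check the description above calls for, as an added example (this is not the mwifiex driver code or the proposed patch): a minimal information-element walker that rejects a Supported Rates element longer than the 32-byte destination. The struct, the function names and the sample frame are hypothetical; element ID 1 is the 802.11 Supported Rates ID.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define EID_SUPP_RATES 1   /* 802.11 Supported Rates element ID */
#define MAX_RATES      32  /* destination capacity, per the report above */

struct peer_caps {         /* hypothetical stand-in for per-peer state */
    uint8_t rates[MAX_RATES];
    uint8_t rates_len;
};

/* Walk the ID/length/value elements in buf and copy Supported Rates.
 * Returns 0 on success, -1 if an element is truncated or too large. */
int parse_ies(const uint8_t *buf, size_t len, struct peer_caps *caps)
{
    size_t off = 0;

    while (off + 2 <= len) {
        uint8_t id = buf[off];
        uint8_t ie_len = buf[off + 1];
        if (ie_len > len - off - 2)           /* value runs past the frame */
            return -1;
        if (id == EID_SUPP_RATES) {
            if (ie_len > sizeof(caps->rates)) /* bound the copy to the array */
                return -1;
            memcpy(caps->rates, buf + off + 2, ie_len);
            caps->rates_len = ie_len;
        }
        off += 2 + (size_t)ie_len;
    }
    return off == len ? 0 : -1;               /* reject a trailing lone byte */
}

/* Constructed sample: one Supported Rates IE carrying n rate bytes.
 * Returns the stored length, or -1 if the parser rejected the frame. */
int try_rates_ie(uint8_t n)
{
    uint8_t frame[2 + 255] = { EID_SUPP_RATES, n };
    struct peer_caps caps = { {0}, 0 };
    memset(frame + 2, 0x82, n);
    if (parse_ies(frame, 2u + n, &caps) != 0)
        return -1;
    return caps.rates_len;
}

int main(void)
{
    return (try_rates_ie(32) == 32 && try_rates_ie(33) == -1) ? 0 : 1;
}
```

The one-byte length field can claim up to 255 bytes, so the copy has to be bounded by the destination size rather than by the value taken from the frame.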
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1776184]
Acknowledgments: Name: Huangwen and Wang Qize (ADLab of VenusTech)
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions Via RHSA-2020:0204 https://access.redhat.com/errata/RHSA-2020:0204
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-14901
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:0328 https://access.redhat.com/errata/RHSA-2020:0328
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:0339 https://access.redhat.com/errata/RHSA-2020:0339
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:0374 https://access.redhat.com/errata/RHSA-2020:0374
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:0375 https://access.redhat.com/errata/RHSA-2020:0375
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:1493 https://access.redhat.com/errata/RHSA-2020:1493