A flaw was found in Marvell wifi chip driver in Linux kernel. A heap overflow in mwifiex_update_bss_desc_with_ie function in marvell/mwifiex/scan.c allows remote attackers to cause a denial of service(system crash) or possibly execute arbitrary code. Upstream patch submission: https://lore.kernel.org/linux-wireless/20190529125220.17066-1-tiwai@suse.de/
Mitigation: This flaw requires a system with marvell wifi network card to be attempting to connect to a attacker controlled wifi network. A temporary mitigation may be to only connect to known-good networks via wifi, or connect to a network via ethernet. Alternatively if wireless networking is not used the mwifiex kernel module can be blacklisted to prevent misuse of the vulnerable code.
Statement: This flaw is currently rated as Important as it is possible for an attacker to setup a wifi access point with identical configuration in another location and intercept have the system auto connect and possibly be exploited.
External References: https://seclists.org/oss-sec/2019/q2/133
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1715475]
Acknowledgments: Name: huangwen (ADLab of Venustech)
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2019:2703 https://access.redhat.com/errata/RHSA-2019:2703
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2019:2741 https://access.redhat.com/errata/RHSA-2019:2741
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-3846
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2019:3055 https://access.redhat.com/errata/RHSA-2019:3055
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2019:3076 https://access.redhat.com/errata/RHSA-2019:3076
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2019:3089 https://access.redhat.com/errata/RHSA-2019:3089
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:0174 https://access.redhat.com/errata/RHSA-2020:0174
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.6 Extended Update Support Via RHSA-2020:2289 https://access.redhat.com/errata/RHSA-2020:2289
After further investigation, it appears as though libtertas has mitigation against this flaw, marking el6 not affected.