Lucene search

K
cveRedhatCVE-2019-10126
HistoryJun 14, 2019 - 2:29 p.m.

CVE-2019-10126

2019-06-1414:29:00
CWE-122
CWE-787
redhat
web.nvd.nist.gov
367
2
cve-2019-10126
linux kernel
buffer overflow
memory corruption
nvd
security vulnerability

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.8

Confidence

High

EPSS

0.014

Percentile

86.5%

A flaw was found in the Linux kernel. A heap based buffer overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c might lead to memory corruption and possibly other consequences.

Affected configurations

Nvd
Node
linuxlinux_kernelRange4.2โ€“4.4.186
OR
linuxlinux_kernelRange4.5โ€“4.9.186
OR
linuxlinux_kernelRange4.10โ€“4.14.134
OR
linuxlinux_kernelRange4.15โ€“4.19.59
OR
linuxlinux_kernelRange4.20โ€“5.1.18
Node
redhatvirtualizationMatch4.0
OR
redhatenterprise_linuxMatch8.0
OR
redhatenterprise_linux_ausMatch8.2
OR
redhatenterprise_linux_ausMatch8.4
OR
redhatenterprise_linux_desktopMatch7.0
OR
redhatenterprise_linux_eusMatch7.7
OR
redhatenterprise_linux_eusMatch8.1
OR
redhatenterprise_linux_eusMatch8.2
OR
redhatenterprise_linux_eusMatch8.4
OR
redhatenterprise_linux_for_real_timeMatch7
OR
redhatenterprise_linux_for_real_timeMatch8
OR
redhatenterprise_linux_for_real_time_for_nfvMatch7
OR
redhatenterprise_linux_for_real_time_for_nfv_tusMatch8.2
OR
redhatenterprise_linux_for_real_time_for_nfv_tusMatch8.4
OR
redhatenterprise_linux_for_real_time_tusMatch8.2
OR
redhatenterprise_linux_for_real_time_tusMatch8.4
OR
redhatenterprise_linux_serverMatch7.0
OR
redhatenterprise_linux_serverMatch8.0
OR
redhatenterprise_linux_server_ausMatch7.7
OR
redhatenterprise_linux_server_tusMatch7.7
OR
redhatenterprise_linux_server_tusMatch8.2
OR
redhatenterprise_linux_server_tusMatch8.4
OR
redhatenterprise_linux_workstationMatch7.0
Node
canonicalubuntu_linuxMatch14.04esm
OR
canonicalubuntu_linuxMatch16.04esm
OR
canonicalubuntu_linuxMatch18.04lts
OR
canonicalubuntu_linuxMatch19.04
Node
debiandebian_linuxMatch8.0
OR
debiandebian_linuxMatch9.0
Node
opensuseleapMatch15.0
OR
opensuseleapMatch15.1
Node
netappactive_iq_unified_managerRange9.5โ‰ฅvmware_vsphere
OR
netapphci_management_nodeMatch-
OR
netappsolidfireMatch-
Node
netappa700s_firmwareMatch-
AND
netappa700sMatch-
Node
netappcn1610_firmwareMatch-
AND
netappcn1610Match-
Node
netapph610s_firmwareMatch-
AND
netapph610sMatch-

CNA Affected

[
  {
    "product": "kernel",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

References

Social References

More

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.8

Confidence

High

EPSS

0.014

Percentile

86.5%