Lucene search

[email protected]CVE-2019-14901

HistoryNov 29, 2019 - 3:15 p.m.

CVE-2019-14901

2019-11-2915:15:00

CWE-122

CWE-400

[email protected]

web.nvd.nist.gov

419

cve-2019-14901

linux kernel

heap overflow

marvell wifi chip

remote code execution

system crash

denial of service

nvd

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.024 Low

EPSS

Percentile

89.9%

JSON

A heap overflow flaw was found in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The vulnerability allows a remote attacker to cause a system crash, resulting in a denial of service, or execute arbitrary code. The highest threat with this vulnerability is with the availability of the system. If code execution occurs, the code will run with the permissions of root. This will affect both confidentiality and integrity of files on the system.

VendorProductVersionCPE
redhatkernel*cpe:2.3:a:redhat:kernel:*:*:*:*:*:*:*:*
redhatkernel*cpe:2.3:a:redhat:kernel:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
redhat	kernel	*	cpe:2.3:a:redhat:kernel::::::::
redhat	kernel	*	cpe:2.3:a:redhat:kernel::::::::

References

lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html

packetstormsecurity.com/files/155879/Kernel-Live-Patch-Security-Notice-LSN-0061-1.html

packetstormsecurity.com/files/156185/Kernel-Live-Patch-Security-Notice-LSN-0062-1.html

access.redhat.com/errata/RHSA-2020:0204

access.redhat.com/errata/RHSA-2020:0328

access.redhat.com/errata/RHSA-2020:0339

access.redhat.com/errata/RHSA-2020:0374

access.redhat.com/errata/RHSA-2020:0375

bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14901

lists.debian.org/debian-lts-announce/2020/01/msg00013.html

lists.debian.org/debian-lts-announce/2020/03/msg00001.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D4ISVNIC44SOGXTUBCIZFSUNQJ5LRKNZ/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MN6MLCN7G7VFTSXSZYXKXEFCUMFBUAXQ/

usn.ubuntu.com/4225-1/

usn.ubuntu.com/4225-2/

usn.ubuntu.com/4226-1/

usn.ubuntu.com/4227-1/

usn.ubuntu.com/4227-2/

usn.ubuntu.com/4228-1/

usn.ubuntu.com/4228-2/

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.024 Low

EPSS

Percentile

89.9%

JSON

Related for CVE-2019-14901

ubuntucve1 redhatcve1 prion1 debiancve1 nessus47 oraclelinux5 f51 centos2 redhat6 openvas43 ubuntu7 cloudfoundry1 slackware1 androidsecurity1 fedora13 suse1 debian2 osv2 ibm2