Lucene search

K
nvd[email protected]NVD:CVE-2019-14816
HistorySep 20, 2019 - 7:15 p.m.

CVE-2019-14816

2019-09-2019:15:11
CWE-122
CWE-787
web.nvd.nist.gov
1

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.1

Confidence

High

EPSS

0

Percentile

15.7%

There is heap-based buffer overflow in kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code.

Affected configurations

NVD
Node
linuxlinux_kernelRange3.63.16.74
OR
linuxlinux_kernelRange3.174.4.194
OR
linuxlinux_kernelRange4.54.9.194
OR
linuxlinux_kernelRange4.104.14.146
OR
linuxlinux_kernelRange4.154.19.75
OR
linuxlinux_kernelRange4.205.2.17
Node
redhatvirtualizationMatch4.0
OR
redhatenterprise_linuxMatch5.0
OR
redhatenterprise_linuxMatch6.0
OR
redhatenterprise_linuxMatch6.4
OR
redhatenterprise_linuxMatch7.0
OR
redhatenterprise_linuxMatch7.6
OR
redhatenterprise_linuxMatch8.0
OR
redhatenterprise_linux_compute_node_eusMatch7.6
OR
redhatenterprise_linux_eusMatch7.6
OR
redhatenterprise_linux_eusMatch7.7
OR
redhatenterprise_linux_eusMatch8.1
OR
redhatenterprise_linux_eusMatch8.2
OR
redhatenterprise_linux_eusMatch8.4
OR
redhatenterprise_linux_for_power_big_endian_eusMatch7.6_ppc64
OR
redhatenterprise_linux_for_real_timeMatch7
OR
redhatenterprise_linux_for_real_timeMatch8
OR
redhatenterprise_linux_for_real_time_for_nfvMatch7
OR
redhatenterprise_linux_for_real_time_for_nfvMatch8
OR
redhatenterprise_linux_for_real_time_for_nfv_tusMatch8.2
OR
redhatenterprise_linux_for_real_time_for_nfv_tusMatch8.4
OR
redhatenterprise_linux_for_real_time_tusMatch8.2
OR
redhatenterprise_linux_for_real_time_tusMatch8.4
OR
redhatenterprise_linux_serverMatch7.6
OR
redhatenterprise_linux_serverMatch8.0
OR
redhatenterprise_linux_server_ausMatch7.2
OR
redhatenterprise_linux_server_ausMatch7.3
OR
redhatenterprise_linux_server_ausMatch7.6
OR
redhatenterprise_linux_server_ausMatch8.2
OR
redhatenterprise_linux_server_ausMatch8.4
OR
redhatenterprise_linux_server_tusMatch7.3
OR
redhatenterprise_linux_server_tusMatch7.6
OR
redhatenterprise_linux_server_tusMatch8.2
OR
redhatenterprise_linux_server_tusMatch8.4
OR
redhatenterprise_linux_tusMatch7.7
OR
redhatmessaging_realtime_gridMatch2.0
OR
redhatvirtualizationMatch4.2
Node
debiandebian_linuxMatch8.0
OR
fedoraprojectfedoraMatch29
OR
fedoraprojectfedoraMatch30
Node
netappdata_availability_servicesMatch-
OR
netapphci_management_nodeMatch-
OR
netappservice_processorMatch-
OR
netappsolidfireMatch-
OR
netappsteelstore_cloud_integrated_storageMatch-
Node
netappa700sMatch-
AND
netappa700s_firmwareMatch-
Node
netappa320Match-
AND
netappa320_firmwareMatch-
Node
netappc190Match-
AND
netappc190_firmwareMatch-
Node
netappa220Match-
AND
netappa220_firmwareMatch-
Node
netappfas2720Match-
AND
netappfas2720_firmwareMatch-
Node
netappfas2750Match-
AND
netappfas2750_firmwareMatch-
Node
netappa800Match-
AND
netappa800_firmwareMatch-
Node
netapph300s_firmwareMatch-
AND
netapph300sMatch-
Node
netapph500s_firmwareMatch-
AND
netapph500sMatch-
Node
netapph700s_firmwareMatch-
AND
netapph700sMatch-
Node
netapph300e_firmwareMatch-
AND
netapph300eMatch-
Node
netapph500e_firmwareMatch-
AND
netapph500eMatch-
Node
netapph700e_firmwareMatch-
AND
netapph700eMatch-
Node
netapph410s_firmwareMatch-
AND
netapph410sMatch-
Node
netapph410s_firmwareMatch-
AND
netapph410sMatch-
Node
netapph610s_firmwareMatch-
AND
netapph610sMatch-
Node
canonicalubuntu_linuxMatch14.04esm
OR
canonicalubuntu_linuxMatch16.04esm
OR
canonicalubuntu_linuxMatch18.04lts
OR
canonicalubuntu_linuxMatch19.04
Node
opensuseleapMatch15.0
OR
opensuseleapMatch15.1

References

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.1

Confidence

High

EPSS

0

Percentile

15.7%