CVE-2019-14895
high-risk
Published 2019-11-29
A heap-based buffer overflow was discovered in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in the Marvell WiFi chip driver. The flaw could occur when the station attempts a connection negotiation during the handling of the remote device's country settings. This could allow the remote device to cause a denial of service (system crash) or possibly execute arbitrary code.
Do I need to act?
0.83% chance of exploitation (EPSS score: low exploit probability)
Not on CISA KEV list: no confirmed active exploitation reported to CISA
Patch status unknown: check vendor advisories for fix availability and mitigation guidance
CVSS 9.8/10 (Critical), attack vector NETWORK, LOW complexity
Affected Products (10)
Affected Vendors
References (52)
Third Party Advisory: http://packetstormsecurity.com/files/155879/Kernel-Live-Patch-Security-Notice-LS...
Third Party Advisory: http://packetstormsecurity.com/files/156185/Kernel-Live-Patch-Security-Notice-LS...
Third Party Advisory: https://access.redhat.com/errata/RHSA-2020:0328
Third Party Advisory: https://access.redhat.com/errata/RHSA-2020:0339
Third Party Advisory: https://access.redhat.com/errata/RHSA-2020:0374
Third Party Advisory: https://access.redhat.com/errata/RHSA-2020:0375
Third Party Advisory: https://access.redhat.com/errata/RHSA-2020:0543
Third Party Advisory: https://access.redhat.com/errata/RHSA-2020:0592
Third Party Advisory: https://access.redhat.com/errata/RHSA-2020:0609
Third Party Advisory: https://access.redhat.com/errata/RHSA-2020:0653
Third Party Advisory: https://access.redhat.com/errata/RHSA-2020:0661
Third Party Advisory: https://access.redhat.com/errata/RHSA-2020:0664
Issue Tracking: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14895
Third Party Advisory: https://usn.ubuntu.com/4225-1/
Third Party Advisory: https://usn.ubuntu.com/4225-2/
and 32 more references
Risk score: 51/100 (high-risk)
Severity: 32/34 (Critical)
Exploitability: 3/34 (Minimal)
Exposure: 16/34 (Moderate)