CVE-2019-14901

high-risk
Published 2019-11-29

A heap overflow flaw was found in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The vulnerability allows a remote attacker to cause a system crash, resulting in a denial of service, or execute arbitrary code. The highest threat with this vulnerability is with the availability of the system. If code execution occurs, the code will run with the permissions of root. This will affect both confidentiality and integrity of files on the system.

Do I need to act?

~
5.5% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (8)

Affected Vendors

Debian Linux Canonical Fedoraproject

References (40)

Mailing List http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html
Third Party Advisory http://packetstormsecurity.com/files/155879/Kernel-Live-Patch-Security-Notice-LS...
Third Party Advisory http://packetstormsecurity.com/files/156185/Kernel-Live-Patch-Security-Notice-LS...
Third Party Advisory https://access.redhat.com/errata/RHSA-2020:0204
Third Party Advisory https://access.redhat.com/errata/RHSA-2020:0328
Third Party Advisory https://access.redhat.com/errata/RHSA-2020:0339
Third Party Advisory https://access.redhat.com/errata/RHSA-2020:0374
Third Party Advisory https://access.redhat.com/errata/RHSA-2020:0375
Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14901
Third Party Advisory https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html
Third Party Advisory https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...
Third Party Advisory https://usn.ubuntu.com/4225-1/
Third Party Advisory https://usn.ubuntu.com/4225-2/
Third Party Advisory https://usn.ubuntu.com/4226-1/
Third Party Advisory https://usn.ubuntu.com/4227-1/
Third Party Advisory https://usn.ubuntu.com/4227-2/
Third Party Advisory https://usn.ubuntu.com/4228-1/
Third Party Advisory https://usn.ubuntu.com/4228-2/
and 20 more references
54
/ 100
high-risk
Severity 32/34 · Critical
Exploitability 8/34 · Low
Exposure 14/34 · Moderate