CVE-2019-14895HIGH
Description
A heap-based buffer overflow was discovered in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The flaw could occur when the station attempts a connection negotiation during the handling of the remote devices country settings. This could allow the remote device to cause a denial of service (system crash) or possibly execute arbitrary code.
References
http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html
Details
Source: MITRE
Published: 2019-11-29
Updated: 2019-12-12
Type: CWE-787
Risk Information
CVSS v2.0
Base Score: 7.5
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact Score: 6.4
Exploitability Score: 10
Severity: HIGH
CVSS v3.0
Base Score: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Impact Score: 5.9
Exploitability Score: 3.9
Severity: CRITICAL
Vulnerable Software
Configuration 1
OR
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 145801 | CentOS 8 : kernel (CESA-2020:0339) | Nessus | CentOS Local Security Checks | critical |
| 144837 | OracleVM 3.4 : Unbreakable / etc (OVMSA-2021-0001) | Nessus | OracleVM Local Security Checks | high |
| 144831 | EulerOS Virtualization 3.0.2.6 : kernel (EulerOS-SA-2021-1056) | Nessus | Huawei Local Security Checks | critical |
| 144802 | Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2021-9002) | Nessus | Oracle Linux Local Security Checks | high |
| 143971 | NewStart CGSL CORE 5.05 / MAIN 5.05 : kernel Multiple Vulnerabilities (NS-SA-2020-0108) | Nessus | NewStart CGSL Local Security Checks | critical |
| 140382 | SUSE SLES12 Security Update : kernel (SUSE-SU-2020:2498-1) | Nessus | SuSE Local Security Checks | high |
| 140381 | SUSE SLES12 Security Update : kernel (SUSE-SU-2020:2497-1) | Nessus | SuSE Local Security Checks | critical |
| 140380 | SUSE SLES12 Security Update : kernel (SUSE-SU-2020:2492-1) | Nessus | SuSE Local Security Checks | critical |
| 140379 | SUSE SLES12 Security Update : kernel (SUSE-SU-2020:2491-1) | Nessus | SuSE Local Security Checks | critical |
| 137516 | EulerOS 2.0 SP2 : kernel (EulerOS-SA-2020-1674) | Nessus | Huawei Local Security Checks | critical |
| 136661 | SUSE SLES12 Security Update : kernel (SUSE-SU-2020:1255-1) | Nessus | SuSE Local Security Checks | critical |
| 136239 | EulerOS Virtualization for ARM 64 3.0.2.0 : kernel (EulerOS-SA-2020-1536) | Nessus | Huawei Local Security Checks | critical |
| 135762 | NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel-rt Multiple Vulnerabilities (NS-SA-2020-0014) | Nessus | NewStart CGSL Local Security Checks | critical |
| 135685 | RHEL 7 : kernel-alt (RHSA-2020:1493) | Nessus | Red Hat Local Security Checks | critical |
| 135525 | EulerOS 2.0 SP3 : kernel (EulerOS-SA-2020-1396) | Nessus | Huawei Local Security Checks | critical |
| 135129 | EulerOS Virtualization for ARM 64 3.0.6.0 : kernel (EulerOS-SA-2020-1342) | Nessus | Huawei Local Security Checks | critical |
| 134971 | Slackware 14.2 : Slackware 14.2 kernel (SSA:2020-086-01) | Nessus | Slackware Local Security Checks | critical |
| 134670 | RHEL 8 : kernel (RHSA-2020:0831) | Nessus | Red Hat Local Security Checks | high |
| 134645 | Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2020-5569) | Nessus | Oracle Linux Local Security Checks | critical |
| 134363 | SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2020:0613-1) | Nessus | SuSE Local Security Checks | critical |
| 134320 | NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2020-0010) | Nessus | NewStart CGSL Local Security Checks | critical |
| 134262 | RHEL 7 : kernel (RHSA-2020:0664) | Nessus | Red Hat Local Security Checks | high |
| 134260 | RHEL 7 : kernel (RHSA-2020:0661) | Nessus | Red Hat Local Security Checks | high |
| 134259 | RHEL 7 : kernel (RHSA-2020:0653) | Nessus | Red Hat Local Security Checks | high |
| 134240 | Debian DLA-2114-1 : linux-4.9 security update | Nessus | Debian Local Security Checks | critical |
| 134192 | RHEL 6 : MRG (RHSA-2020:0609) | Nessus | Red Hat Local Security Checks | high |
| 134087 | CentOS 7 : kernel (CESA-2020:0374) | Nessus | CentOS Local Security Checks | critical |
| 134064 | RHEL 7 : kernel (RHSA-2020:0592) | Nessus | Red Hat Local Security Checks | high |
| 133992 | EulerOS 2.0 SP8 : kernel (EulerOS-SA-2020-1158) | Nessus | Huawei Local Security Checks | critical |
| 133913 | EulerOS 2.0 SP5 : kernel (EulerOS-SA-2020-1112) | Nessus | Huawei Local Security Checks | critical |
| 133786 | RHEL 7 : kernel (RHSA-2020:0543) | Nessus | Red Hat Local Security Checks | high |
| 133591 | Oracle Linux 8 : kernel (ELSA-2020-0339) | Nessus | Oracle Linux Local Security Checks | critical |
| 133538 | Scientific Linux Security Update : kernel on SL7.x x86_64 (20200205) | Nessus | Scientific Linux Local Security Checks | critical |
| 133514 | Oracle Linux 7 : kernel (ELSA-2020-0374) | Nessus | Oracle Linux Local Security Checks | critical |
| 133508 | CentOS 7 : kernel (CESA-2020:0375) (deprecated) | Nessus | CentOS Local Security Checks | critical |
| 133484 | RHEL 7 : kernel-rt (RHSA-2020:0375) | Nessus | Red Hat Local Security Checks | critical |
| 133483 | RHEL 7 : kernel (RHSA-2020:0374) | Nessus | Red Hat Local Security Checks | critical |
| 133480 | RHEL 8 : kernel (RHSA-2020:0339) | Nessus | Red Hat Local Security Checks | critical |
| 133477 | RHEL 8 : kernel-rt (RHSA-2020:0328) | Nessus | Red Hat Local Security Checks | critical |
| 133142 | Ubuntu 18.04 LTS : Linux kernel (HWE) vulnerabilities (USN-4225-2) | Nessus | Ubuntu Local Security Checks | critical |
| 133101 | Debian DLA-2068-1 : linux security update | Nessus | Debian Local Security Checks | critical |
| 132925 | SUSE SLES12 Security Update : kernel (SUSE-SU-2020:0093-1) | Nessus | SuSE Local Security Checks | critical |
| 132692 | Ubuntu 16.04 LTS : linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon (USN-4228-1) | Nessus | Ubuntu Local Security Checks | critical |
| 132691 | Ubuntu 16.04 LTS / 18.04 LTS : linux, linux-aws, linux-aws-hwe, linux-azure, linux-gcp, linux-gke-4.15, (USN-4227-1) | Nessus | Ubuntu Local Security Checks | critical |
| 132690 | Ubuntu 18.04 LTS / 19.04 : linux, linux-aws, linux-aws-5.0, linux-azure, linux-gcp, linux-gke-5.0, (USN-4226-1) | Nessus | Ubuntu Local Security Checks | critical |
| 132689 | Ubuntu 18.04 LTS / 19.10 : linux, linux-aws, linux-azure, linux-azure-5.3, linux-gcp, linux-gcp-5.3, (USN-4225-1) | Nessus | Ubuntu Local Security Checks | critical |
| 132394 | SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:3381-1) | Nessus | SuSE Local Security Checks | critical |
| 132390 | SUSE SLES12 Security Update : kernel (SUSE-SU-2019:3379-1) | Nessus | SuSE Local Security Checks | high |
| 132389 | SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2019:3371-1) | Nessus | SuSE Local Security Checks | high |
| 132237 | SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:3317-1) | Nessus | SuSE Local Security Checks | critical |
| 132236 | SUSE SLES12 Security Update : kernel (SUSE-SU-2019:3316-1) | Nessus | SuSE Local Security Checks | critical |
| 132032 | openSUSE Security Update : the Linux Kernel (openSUSE-2019-2675) | Nessus | SuSE Local Security Checks | critical |
| 131833 | SUSE SLES12 Security Update : kernel (SUSE-SU-2019:3200-1) | Nessus | SuSE Local Security Checks | high |
| 131455 | Fedora 31 : kernel (2019-91f6e7bb71) | Nessus | Fedora Local Security Checks | critical |
| 131453 | Fedora 30 : kernel (2019-8846a1a5a2) | Nessus | Fedora Local Security Checks | critical |