CVE-2019-14897HIGH
Description
A stack-based buffer overflow was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. An attacker is able to cause a denial of service (system crash) or, possibly execute arbitrary code, when a STA works in IBSS mode (allows connecting stations together without the use of an AP) and connects to another STA.
References
http://packetstormsecurity.com/files/155879/Kernel-Live-Patch-Security-Notice-LSN-0061-1.html
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14897
https://usn.ubuntu.com/4225-1/
https://usn.ubuntu.com/4226-1/
https://usn.ubuntu.com/4227-1/
https://usn.ubuntu.com/4227-2/
Details
Source: MITRE
Published: 2019-11-29
Updated: 2020-01-07
Type: CWE-787
Risk Information
CVSS v2.0
Base Score: 7.5
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact Score: 6.4
Exploitability Score: 10
Severity: HIGH
CVSS v3.0
Base Score: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Impact Score: 5.9
Exploitability Score: 3.9
Severity: CRITICAL
Vulnerable Software
Configuration 1
OR
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 138272 | SUSE SLES15 Security Update : kernel (SUSE-SU-2020:1663-1) | Nessus | SuSE Local Security Checks | critical |
| 137516 | EulerOS 2.0 SP2 : kernel (EulerOS-SA-2020-1674) | Nessus | Huawei Local Security Checks | critical |
| 137291 | Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2020-5715) | Nessus | Oracle Linux Local Security Checks | critical |
| 137217 | OracleVM 3.4 : Unbreakable / etc (OVMSA-2020-0020) (Stack Clash) | Nessus | OracleVM Local Security Checks | critical |
| 137173 | Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2020-5708) (Stack Clash) | Nessus | Oracle Linux Local Security Checks | critical |
| 136782 | SUSE SLES12 Security Update : kernel (SUSE-SU-2020:1275-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout) | Nessus | SuSE Local Security Checks | critical |
| 136661 | SUSE SLES12 Security Update : kernel (SUSE-SU-2020:1255-1) | Nessus | SuSE Local Security Checks | critical |
| 136239 | EulerOS Virtualization for ARM 64 3.0.2.0 : kernel (EulerOS-SA-2020-1536) | Nessus | Huawei Local Security Checks | critical |
| 135525 | EulerOS 2.0 SP3 : kernel (EulerOS-SA-2020-1396) | Nessus | Huawei Local Security Checks | critical |
| 135129 | EulerOS Virtualization for ARM 64 3.0.6.0 : kernel (EulerOS-SA-2020-1342) | Nessus | Huawei Local Security Checks | critical |
| 134971 | Slackware 14.2 : Slackware 14.2 kernel (SSA:2020-086-01) | Nessus | Slackware Local Security Checks | critical |
| 134559 | openSUSE Security Update : the Linux Kernel (openSUSE-2020-336) | Nessus | SuSE Local Security Checks | critical |
| 134363 | SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2020:0613-1) | Nessus | SuSE Local Security Checks | critical |
| 134293 | SUSE SLES12 Security Update : kernel (SUSE-SU-2020:0584-1) | Nessus | SuSE Local Security Checks | critical |
| 134292 | SUSE SLES12 Security Update : kernel (SUSE-SU-2020:0580-1) | Nessus | SuSE Local Security Checks | critical |
| 134289 | SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2020:0560-1) | Nessus | SuSE Local Security Checks | critical |
| 134288 | SUSE SLES12 Security Update : kernel (SUSE-SU-2020:0559-1) | Nessus | SuSE Local Security Checks | critical |
| 134287 | SUSE SLES12 Security Update : kernel (SUSE-SU-2020:0558-1) | Nessus | SuSE Local Security Checks | critical |
| 134240 | Debian DLA-2114-1 : linux-4.9 security update | Nessus | Debian Local Security Checks | critical |
| 133992 | EulerOS 2.0 SP8 : kernel (EulerOS-SA-2020-1158) | Nessus | Huawei Local Security Checks | critical |
| 133913 | EulerOS 2.0 SP5 : kernel (EulerOS-SA-2020-1112) | Nessus | Huawei Local Security Checks | critical |
| 133202 | SUSE SLES12 Security Update : kernel (SUSE-SU-2020:0204-1) | Nessus | SuSE Local Security Checks | critical |
| 133142 | Ubuntu 18.04 LTS : Linux kernel (HWE) vulnerabilities (USN-4225-2) | Nessus | Ubuntu Local Security Checks | critical |
| 133101 | Debian DLA-2068-1 : linux security update | Nessus | Debian Local Security Checks | critical |
| 132692 | Ubuntu 16.04 LTS : linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon (USN-4228-1) | Nessus | Ubuntu Local Security Checks | critical |
| 132691 | Ubuntu 16.04 LTS / 18.04 LTS : linux, linux-aws, linux-aws-hwe, linux-azure, linux-gcp, linux-gke-4.15, (USN-4227-1) | Nessus | Ubuntu Local Security Checks | critical |
| 132690 | Ubuntu 18.04 LTS / 19.04 : linux, linux-aws, linux-aws-5.0, linux-azure, linux-gcp, linux-gke-5.0, (USN-4226-1) | Nessus | Ubuntu Local Security Checks | critical |
| 132689 | Ubuntu 18.04 LTS / 19.10 : linux, linux-aws, linux-azure, linux-azure-5.3, linux-gcp, linux-gcp-5.3, (USN-4225-1) | Nessus | Ubuntu Local Security Checks | critical |
| 131455 | Fedora 31 : kernel (2019-91f6e7bb71) | Nessus | Fedora Local Security Checks | critical |
| 131453 | Fedora 30 : kernel (2019-8846a1a5a2) | Nessus | Fedora Local Security Checks | critical |