CVE-2019-14901

critical
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

A heap overflow flaw was found in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The vulnerability allows a remote attacker to cause a system crash, resulting in a denial of service, or execute arbitrary code. The highest threat with this vulnerability is with the availability of the system. If code execution occurs, the code will run with the permissions of root. This will affect both confidentiality and integrity of files on the system.

References

http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14901

https://lists.fedoraproject.org/archives/list/[email protected]/message/D4ISVNIC44SOGXTUBCIZFSUNQJ5LRKNZ/

https://lists.fedoraproject.org/archives/list/[email protected]/message/MN6MLCN7G7VFTSXSZYXKXEFCUMFBUAXQ/

Details

Source: MITRE

Published: 2019-11-29

Updated: 2019-12-12

Type: CWE-787

Risk Information

CVSS v2

Base Score: 10

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 10

Severity: HIGH

CVSS v3

Base Score: 9.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 3.9

Severity: CRITICAL

Tenable Plugins

View all (44 total)

IDNameProductFamilySeverity
145801CentOS 8 : kernel (CESA-2020:0339)NessusCentOS Local Security Checks
critical
144831EulerOS Virtualization 3.0.2.6 : kernel (EulerOS-SA-2021-1056)NessusHuawei Local Security Checks
critical
143971NewStart CGSL CORE 5.05 / MAIN 5.05 : kernel Multiple Vulnerabilities (NS-SA-2020-0108)NessusNewStart CGSL Local Security Checks
critical
140381SUSE SLES12 Security Update : kernel (SUSE-SU-2020:2497-1)NessusSuSE Local Security Checks
critical
140380SUSE SLES12 Security Update : kernel (SUSE-SU-2020:2492-1)NessusSuSE Local Security Checks
critical
140379SUSE SLES12 Security Update : kernel (SUSE-SU-2020:2491-1)NessusSuSE Local Security Checks
critical
137516EulerOS 2.0 SP2 : kernel (EulerOS-SA-2020-1674)NessusHuawei Local Security Checks
critical
136661SUSE SLES12 Security Update : kernel (SUSE-SU-2020:1255-1)NessusSuSE Local Security Checks
critical
136239EulerOS Virtualization for ARM 64 3.0.2.0 : kernel (EulerOS-SA-2020-1536)NessusHuawei Local Security Checks
critical
135762NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel-rt Multiple Vulnerabilities (NS-SA-2020-0014)NessusNewStart CGSL Local Security Checks
critical
135685RHEL 7 : kernel-alt (RHSA-2020:1493)NessusRed Hat Local Security Checks
critical
135525EulerOS 2.0 SP3 : kernel (EulerOS-SA-2020-1396)NessusHuawei Local Security Checks
critical
134971Slackware 14.2 : Slackware 14.2 kernel (SSA:2020-086-01)NessusSlackware Local Security Checks
critical
134645Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2020-5569)NessusOracle Linux Local Security Checks
critical
134363SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2020:0613-1)NessusSuSE Local Security Checks
critical
134320NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2020-0010)NessusNewStart CGSL Local Security Checks
critical
134240Debian DLA-2114-1 : linux-4.9 security updateNessusDebian Local Security Checks
critical
134087CentOS 7 : kernel (CESA-2020:0374)NessusCentOS Local Security Checks
critical
134024Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2020-5541)NessusOracle Linux Local Security Checks
critical
133913EulerOS 2.0 SP5 : kernel (EulerOS-SA-2020-1112)NessusHuawei Local Security Checks
critical
133591Oracle Linux 8 : kernel (ELSA-2020-0339)NessusOracle Linux Local Security Checks
critical
133538Scientific Linux Security Update : kernel on SL7.x x86_64 (20200205)NessusScientific Linux Local Security Checks
critical
133514Oracle Linux 7 : kernel (ELSA-2020-0374)NessusOracle Linux Local Security Checks
critical
133508CentOS 7 : kernel (CESA-2020:0375) (deprecated)NessusCentOS Local Security Checks
critical
133484RHEL 7 : kernel-rt (RHSA-2020:0375)NessusRed Hat Local Security Checks
critical
133483RHEL 7 : kernel (RHSA-2020:0374)NessusRed Hat Local Security Checks
critical
133480RHEL 8 : kernel (RHSA-2020:0339)NessusRed Hat Local Security Checks
critical
133477RHEL 8 : kernel-rt (RHSA-2020:0328)NessusRed Hat Local Security Checks
critical
133221RHEL 8 : kernel (RHSA-2020:0204)NessusRed Hat Local Security Checks
critical
133142Ubuntu 18.04 LTS : Linux kernel (HWE) vulnerabilities (USN-4225-2)NessusUbuntu Local Security Checks
critical
133101Debian DLA-2068-1 : linux security updateNessusDebian Local Security Checks
critical
132925SUSE SLES12 Security Update : kernel (SUSE-SU-2020:0093-1)NessusSuSE Local Security Checks
critical
132692Ubuntu 16.04 LTS : linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon (USN-4228-1)NessusUbuntu Local Security Checks
critical
132691Ubuntu 16.04 LTS / 18.04 LTS : linux, linux-aws, linux-aws-hwe, linux-azure, linux-gcp, linux-gke-4.15, (USN-4227-1)NessusUbuntu Local Security Checks
critical
132690Ubuntu 18.04 LTS / 19.04 : linux, linux-aws, linux-aws-5.0, linux-azure, linux-gcp, linux-gke-5.0, (USN-4226-1)NessusUbuntu Local Security Checks
critical
132689Ubuntu 18.04 LTS / 19.10 : linux, linux-aws, linux-azure, linux-azure-5.3, linux-gcp, linux-gcp-5.3, (USN-4225-1)NessusUbuntu Local Security Checks
critical
132605EulerOS 2.0 SP8 : kernel (EulerOS-SA-2020-1012)NessusHuawei Local Security Checks
critical
132430SUSE SLES12 Security Update : kernel (SUSE-SU-2019:3389-1)NessusSuSE Local Security Checks
critical
132394SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:3381-1)NessusSuSE Local Security Checks
critical
132237SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:3317-1)NessusSuSE Local Security Checks
critical
132236SUSE SLES12 Security Update : kernel (SUSE-SU-2019:3316-1)NessusSuSE Local Security Checks
critical
132032openSUSE Security Update : the Linux Kernel (openSUSE-2019-2675)NessusSuSE Local Security Checks
critical
131455Fedora 31 : kernel (2019-91f6e7bb71)NessusFedora Local Security Checks
critical
131453Fedora 30 : kernel (2019-8846a1a5a2)NessusFedora Local Security Checks
critical