CVE-2019-14896

CRITICAL

Linux Kernel < 3.16.83 - Out-of-Bounds Write

Title source: rule

Description

A heap-based buffer overflow vulnerability was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. A remote attacker could cause a denial of service (system crash) or, possibly execute arbitrary code, when the lbs_ibss_join_existing function is called after a STA connects to an AP.

References (16)

Core 16

Core References

Issue Tracking, Third Party Advisory x_refsource_confirm

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14896

Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MN6MLCN7G7VFTSXSZYXKXEFCUMFBUAXQ/

Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D4ISVNIC44SOGXTUBCIZFSUNQJ5LRKNZ/

Third Party Advisory x_refsource_confirm

https://security.netapp.com/advisory/ntap-20200103-0001/

Third Party Advisory vendor-advisory x_refsource_ubuntu

https://usn.ubuntu.com/4228-1/

Third Party Advisory vendor-advisory x_refsource_ubuntu

https://usn.ubuntu.com/4227-1/

Third Party Advisory vendor-advisory x_refsource_ubuntu

https://usn.ubuntu.com/4226-1/

Third Party Advisory vendor-advisory x_refsource_ubuntu

https://usn.ubuntu.com/4225-1/

Third Party Advisory vendor-advisory x_refsource_ubuntu

https://usn.ubuntu.com/4228-2/

Third Party Advisory vendor-advisory x_refsource_ubuntu

https://usn.ubuntu.com/4227-2/

Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/155879/Kernel-Live-Patch-Security-Notice-LSN-0061-1.html

Mailing List, Third Party Advisory mailing-list x_refsource_mlist

https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html

Third Party Advisory vendor-advisory x_refsource_ubuntu

https://usn.ubuntu.com/4225-2/

Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/156185/Kernel-Live-Patch-Security-Notice-LSN-0062-1.html

Mailing List, Third Party Advisory mailing-list x_refsource_mlist

https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html

Mailing List, Third Party Advisory vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html

Scores

CVSS v3 9.8

EPSS 0.0074

EPSS Percentile 72.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-122 CWE-787

Status published

Products (9)

canonical/ubuntu_linux 14.04

canonical/ubuntu_linux 16.04

canonical/ubuntu_linux 18.04

canonical/ubuntu_linux 19.10

debian/debian_linux 8.0

fedoraproject/fedora 30

fedoraproject/fedora 31

linux/linux_kernel 2.6.32 - 3.16.83

redhat/enterprise_linux 6.0

Published Nov 27, 2019

Tracked Since Feb 18, 2026