CVE-2019-10126

EPSS 3.84%
Published 14.06.2019 14:29:00
Last modified 21.11.2024 04:18:28
Source secalert@redhat.com
Teams watchlist Login
Open Login

A flaw was found in the Linux kernel. A heap based buffer overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c might lead to memory corruption and possibly other consequences.

Affected products Warnungen 0 Metrics 4 CWE 2 References 30

Data is provided by the National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 4.2 < 4.4.186

Linux ≫ Linux Kernel Version >= 4.5 < 4.9.186

Linux ≫ Linux Kernel Version >= 4.10 < 4.14.134

Linux ≫ Linux Kernel Version >= 4.15 < 4.19.59

Linux ≫ Linux Kernel Version >= 4.20 < 5.1.18

Redhat ≫ Virtualization Version4.0

Redhat ≫ Enterprise Linux Version8.0

Redhat ≫ Enterprise Linux Aus Version8.2

Redhat ≫ Enterprise Linux Aus Version8.4

Redhat ≫ Enterprise Linux Desktop Version7.0

Redhat ≫ Enterprise Linux Eus Version7.7

Redhat ≫ Enterprise Linux Eus Version8.1

Redhat ≫ Enterprise Linux Eus Version8.2

Redhat ≫ Enterprise Linux Eus Version8.4

Redhat ≫ Enterprise Linux For Real Time Version7

Redhat ≫ Enterprise Linux For Real Time Version8

Redhat ≫ Enterprise Linux For Real Time For Nfv Version7

Redhat ≫ Enterprise Linux For Real Time For Nfv Tus Version8.2

Redhat ≫ Enterprise Linux For Real Time For Nfv Tus Version8.4

Redhat ≫ Enterprise Linux For Real Time Tus Version8.2

Redhat ≫ Enterprise Linux For Real Time Tus Version8.4

Redhat ≫ Enterprise Linux Server Version7.0

Redhat ≫ Enterprise Linux Server Version8.0

Redhat ≫ Enterprise Linux Server Aus Version7.7

Redhat ≫ Enterprise Linux Server Tus Version7.7

Redhat ≫ Enterprise Linux Server Tus Version8.2

Redhat ≫ Enterprise Linux Server Tus Version8.4

Redhat ≫ Enterprise Linux Workstation Version7.0

Canonical ≫ Ubuntu Linux Version14.04 SwEditionesm

Canonical ≫ Ubuntu Linux Version16.04 SwEditionesm

Canonical ≫ Ubuntu Linux Version18.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version19.04

Debian ≫ Debian Linux Version8.0

Debian ≫ Debian Linux Version9.0

Opensuse ≫ Leap Version15.0

Opensuse ≫ Leap Version15.1

Netapp ≫ Active Iq Unified Manager SwPlatformvmware_vsphere Version >= 9.5

Netapp ≫ Hci Management Node Version-

Netapp ≫ Solidfire Version-

Netapp ≫ A700s Firmware Version-

Netapp ≫ A700s Version-

Netapp ≫ Cn1610 Firmware Version-

Netapp ≫ Cn1610 Version-

Netapp ≫ H610s Firmware Version-

Netapp ≫ H610s Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	3.84%	0.877

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P
secalert@redhat.com	5.9	2.2	3.6	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-122 Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://access.redhat.com/errata/RHSA-2019:3517

Third Party Advisory

https://usn.ubuntu.com/4094-1/

Third Party Advisory

https://usn.ubuntu.com/4118-1/

Third Party Advisory

http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.html

Third Party Advisory

VDB Entry

https://access.redhat.com/errata/RHSA-2020:0174