7.8
CVE-2019-14814
- EPSS 0.25%
- Published 20.09.2019 19:15:11
- Last modified 21.11.2024 04:27:24
- Source secalert@redhat.com
- Teams watchlist Login
- Open Login
There is heap-based buffer overflow in Linux kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code.
Data is provided by the National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 3.7 < 3.16.74
Linux ≫ Linux Kernel Version >= 3.17 < 4.4.194
Linux ≫ Linux Kernel Version >= 4.5 < 4.9.194
Linux ≫ Linux Kernel Version >= 4.10 < 4.14.146
Linux ≫ Linux Kernel Version >= 4.15 < 4.19.75
Linux ≫ Linux Kernel Version >= 4.20 < 5.2.17
Redhat ≫ Enterprise Linux Version5.0
Redhat ≫ Enterprise Linux Version6.0
Redhat ≫ Enterprise Linux Version7.0
Redhat ≫ Enterprise Linux Version8.0
Redhat ≫ Enterprise Linux Eus Version8.1
Redhat ≫ Enterprise Linux Eus Version8.2
Redhat ≫ Enterprise Linux Eus Version8.4
Redhat ≫ Enterprise Linux For Real Time Version8
Redhat ≫ Enterprise Linux For Real Time For Nfv Version8
Redhat ≫ Enterprise Linux For Real Time For Nfv Tus Version8.2
Redhat ≫ Enterprise Linux For Real Time For Nfv Tus Version8.4
Redhat ≫ Enterprise Linux For Real Time Tus Version8.2
Redhat ≫ Enterprise Linux For Real Time Tus Version8.4
Redhat ≫ Enterprise Linux Server Aus Version8.2
Redhat ≫ Enterprise Linux Server Aus Version8.4
Redhat ≫ Enterprise Linux Server Tus Version8.2
Redhat ≫ Enterprise Linux Server Tus Version8.4
Redhat ≫ Messaging Realtime Grid Version2.0
Debian ≫ Debian Linux Version8.0
Canonical ≫ Ubuntu Linux Version14.04 SwEditionesm
Canonical ≫ Ubuntu Linux Version16.04 SwEditionesm
Canonical ≫ Ubuntu Linux Version18.04 SwEditionlts
Canonical ≫ Ubuntu Linux Version19.04
Netapp ≫ Data Availability Services Version-
Netapp ≫ Hci Management Node Version-
Netapp ≫ Service Processor Version-
Netapp ≫ Steelstore Cloud Integrated Storage Version-
Netapp ≫ A700s Firmware Version-
Netapp ≫ A320 Firmware Version-
Netapp ≫ C190 Firmware Version-
Netapp ≫ A220 Firmware Version-
Netapp ≫ Fas2720 Firmware Version-
Netapp ≫ Fas2750 Firmware Version-
Netapp ≫ A800 Firmware Version-
Netapp ≫ H300s Firmware Version-
Netapp ≫ H500s Firmware Version-
Netapp ≫ H700s Firmware Version-
Netapp ≫ H300e Firmware Version-
Netapp ≫ H500e Firmware Version-
Netapp ≫ H700e Firmware Version-
Netapp ≫ H410s Firmware Version-
Netapp ≫ H410c Firmware Version-
Netapp ≫ H610s Firmware Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.25% | 0.483 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.2 | 3.9 | 10 |
AV:L/AC:L/Au:N/C:C/I:C/A:C
|
| secalert@redhat.com | 5.5 | 1.8 | 3.6 |
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
CWE-122 Heap-based Buffer Overflow
A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
CWE-787 Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.