CVE-2019-14816

Exploit

EPSS 0.23%
Veröffentlicht 20.09.2019 19:15:11
Zuletzt bearbeitet 21.11.2024 04:27:25
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

There is heap-based buffer overflow in kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 2 Referenzen 33

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 3.6 < 3.16.74

Linux ≫ Linux Kernel Version >= 3.17 < 4.4.194

Linux ≫ Linux Kernel Version >= 4.5 < 4.9.194

Linux ≫ Linux Kernel Version >= 4.10 < 4.14.146

Linux ≫ Linux Kernel Version >= 4.15 < 4.19.75

Linux ≫ Linux Kernel Version >= 4.20 < 5.2.17

Redhat ≫ Virtualization Version4.0

Redhat ≫ Enterprise Linux Version5.0

Redhat ≫ Enterprise Linux Version6.0

Redhat ≫ Enterprise Linux Version6.4

Redhat ≫ Enterprise Linux Version7.0

Redhat ≫ Enterprise Linux Version7.6

Redhat ≫ Enterprise Linux Version8.0

Redhat ≫ Enterprise Linux Compute Node Eus Version7.6

Redhat ≫ Enterprise Linux Eus Version7.6

Redhat ≫ Enterprise Linux Eus Version7.7

Redhat ≫ Enterprise Linux Eus Version8.1

Redhat ≫ Enterprise Linux Eus Version8.2

Redhat ≫ Enterprise Linux Eus Version8.4

Redhat ≫ Enterprise Linux For Power Big Endian Eus Version7.6_ppc64

Redhat ≫ Enterprise Linux For Real Time Version7

Redhat ≫ Enterprise Linux For Real Time Version8

Redhat ≫ Enterprise Linux For Real Time For Nfv Version7

Redhat ≫ Enterprise Linux For Real Time For Nfv Version8

Redhat ≫ Enterprise Linux For Real Time For Nfv Tus Version8.2

Redhat ≫ Enterprise Linux For Real Time For Nfv Tus Version8.4

Redhat ≫ Enterprise Linux For Real Time Tus Version8.2

Redhat ≫ Enterprise Linux For Real Time Tus Version8.4

Redhat ≫ Enterprise Linux Server Version7.6

Redhat ≫ Enterprise Linux Server Version8.0

Redhat ≫ Enterprise Linux Server Aus Version7.2

Redhat ≫ Enterprise Linux Server Aus Version7.3

Redhat ≫ Enterprise Linux Server Aus Version7.6

Redhat ≫ Enterprise Linux Server Aus Version8.2

Redhat ≫ Enterprise Linux Server Aus Version8.4

Redhat ≫ Enterprise Linux Server Tus Version7.3

Redhat ≫ Enterprise Linux Server Tus Version7.6

Redhat ≫ Enterprise Linux Server Tus Version8.2

Redhat ≫ Enterprise Linux Server Tus Version8.4

Redhat ≫ Enterprise Linux Tus Version7.7

Redhat ≫ Messaging Realtime Grid Version2.0

Redhat ≫ Virtualization Version4.2

Debian ≫ Debian Linux Version8.0

Fedoraproject ≫ Fedora Version29

Fedoraproject ≫ Fedora Version30

Netapp ≫ Data Availability Services Version-

Netapp ≫ Hci Management Node Version-

Netapp ≫ Service Processor Version-

Netapp ≫ Solidfire Version-

Netapp ≫ Steelstore Cloud Integrated Storage Version-

Netapp ≫ A700s Firmware Version-

Netapp ≫ A700s Version-

Netapp ≫ A320 Firmware Version-

Netapp ≫ A320 Version-

Netapp ≫ C190 Firmware Version-

Netapp ≫ C190 Version-

Netapp ≫ A220 Firmware Version-

Netapp ≫ A220 Version-

Netapp ≫ Fas2720 Firmware Version-

Netapp ≫ Fas2720 Version-

Netapp ≫ Fas2750 Firmware Version-

Netapp ≫ Fas2750 Version-

Netapp ≫ A800 Firmware Version-

Netapp ≫ A800 Version-

Netapp ≫ H300s Firmware Version-

Netapp ≫ H300s Version-

Netapp ≫ H500s Firmware Version-

Netapp ≫ H500s Version-

Netapp ≫ H700s Firmware Version-

Netapp ≫ H700s Version-

Netapp ≫ H300e Firmware Version-

Netapp ≫ H300e Version-

Netapp ≫ H500e Firmware Version-

Netapp ≫ H500e Version-

Netapp ≫ H700e Firmware Version-

Netapp ≫ H700e Version-

Netapp ≫ H410s Firmware Version-

Netapp ≫ H410s Version-

Netapp ≫ H410s Firmware Version-

Netapp ≫ H410s Version-

Netapp ≫ H610s Firmware Version-

Netapp ≫ H610s Version-

Canonical ≫ Ubuntu Linux Version14.04 SwEditionesm

Canonical ≫ Ubuntu Linux Version16.04 SwEditionesm

Canonical ≫ Ubuntu Linux Version18.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version19.04

Opensuse ≫ Leap Version15.0

Opensuse ≫ Leap Version15.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.23%	0.462

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C
secalert@redhat.com	5.5	1.8	3.6	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-122 Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://usn.ubuntu.com/4163-1/

Third Party Advisory

https://usn.ubuntu.com/4163-2/

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html

Third Party Advisory

Mailing List

https://access.redhat.com/errata/RHSA-2020:0174

Third Party Advisory

https://access.redhat.com/errata/RHSA-2020:0204