Lucene search

[email protected]NVD:CVE-2019-14814

HistorySep 20, 2019 - 7:15 p.m.

CVE-2019-14814

2019-09-2019:15:11

CWE-122

CWE-787

[email protected]

web.nvd.nist.gov

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.7%

JSON

There is heap-based buffer overflow in Linux kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code.

Affected configurations

NVD

Node

linuxlinux_kernelRange3.7–3.16.74

linuxlinux_kernelRange3.17–4.4.194

linuxlinux_kernelRange4.5–4.9.194

linuxlinux_kernelRange4.10–4.14.146

linuxlinux_kernelRange4.15–4.19.75

linuxlinux_kernelRange4.20–5.2.17

Node

redhatenterprise_linuxMatch5.0

redhatenterprise_linuxMatch6.0

redhatenterprise_linuxMatch7.0

redhatenterprise_linuxMatch8.0

redhatenterprise_linux_eusMatch8.1

redhatenterprise_linux_eusMatch8.2

redhatenterprise_linux_eusMatch8.4

redhatenterprise_linux_for_real_timeMatch8

redhatenterprise_linux_for_real_time_for_nfvMatch8

redhatenterprise_linux_for_real_time_for_nfv_tusMatch8.2

redhatenterprise_linux_for_real_time_for_nfv_tusMatch8.4

redhatenterprise_linux_for_real_time_tusMatch8.2

redhatenterprise_linux_for_real_time_tusMatch8.4

redhatenterprise_linux_server_ausMatch8.2

redhatenterprise_linux_server_ausMatch8.4

redhatenterprise_linux_server_tusMatch8.2

redhatenterprise_linux_server_tusMatch8.4

redhatmessaging_realtime_gridMatch2.0

Node

debiandebian_linuxMatch8.0

Node

canonicalubuntu_linuxMatch14.04esm

canonicalubuntu_linuxMatch16.04esm

canonicalubuntu_linuxMatch18.04lts

canonicalubuntu_linuxMatch19.04

Node

opensuseleapMatch15.0

opensuseleapMatch15.1

Node

netappdata_availability_servicesMatch-

netapphci_management_nodeMatch-

netappservice_processorMatch-

netappsolidfireMatch-

netappsteelstore_cloud_integrated_storageMatch-

Node

netappa700sMatch-

AND

netappa700s_firmwareMatch-

Node

netappa320Match-

AND

netappa320_firmwareMatch-

Node

netappc190Match-

AND

netappc190_firmwareMatch-

Node

netappa220Match-

AND

netappa220_firmwareMatch-

Node

netappfas2720Match-

AND

netappfas2720_firmwareMatch-

Node

netappfas2750Match-

AND

netappfas2750_firmwareMatch-

Node

netappa800_firmwareMatch-

AND

netappa800Match-

Node

netapph300s_firmwareMatch-

AND

netapph300sMatch-

Node

netapph500s_firmwareMatch-

AND

netapph500sMatch-

Node

netapph700s_firmwareMatch-

AND

netapph700sMatch-

Node

netapph300e_firmwareMatch-

AND

netapph300eMatch-

Node

netapph500e_firmwareMatch-

AND

netapph500eMatch-

Node

netapph700e_firmwareMatch-

AND

netapph700eMatch-

Node

netapph410s_firmwareMatch-

AND

netapph410sMatch-

Node

netapph410c_firmwareMatch-

AND

netapph410cMatch-

Node

netapph610s_firmwareMatch-

AND

netapph610sMatch-

References

lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html

lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html

packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html

packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html

www.openwall.com/lists/oss-security/2019/08/28/1

access.redhat.com/errata/RHSA-2020:0174

access.redhat.com/errata/RHSA-2020:0328

access.redhat.com/errata/RHSA-2020:0339

access.redhat.com/security/cve/cve-2019-14814

bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14814

github.com/torvalds/linux/commit/7caac62ed598a196d6ddf8d9c121e12e082cac3a

lists.debian.org/debian-lts-announce/2019/09/msg00025.html

lists.debian.org/debian-lts-announce/2020/03/msg00001.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3RUDQJXRJQVGHCGR4YZWTQ3ECBI7TXH/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4JZ6AEUKFWBHQAROGMQARJ274PQP2QP/

seclists.org/bugtraq/2019/Nov/11

security.netapp.com/advisory/ntap-20191031-0005/

usn.ubuntu.com/4157-1/

usn.ubuntu.com/4157-2/

usn.ubuntu.com/4162-1/

usn.ubuntu.com/4162-2/

usn.ubuntu.com/4163-1/

usn.ubuntu.com/4163-2/

www.openwall.com/lists/oss-security/2019/08/28/1

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.7%

JSON

Related for NVD:CVE-2019-14814

veracode1 osv3 debiancve1 cve1 redhatcve1 prion1 cvelist1 ubuntucve1 openvas50 mageia3 nessus36 fedora19 oraclelinux3 ubuntu6 cloudfoundry1 redhat4 slackware1 debian2 centos1 suse2