Lucene search

K

[email protected]NVD:CVE-2019-14901

HistoryNov 29, 2019 - 3:15 p.m.

CVE-2019-14901

2019-11-2915:15:11

CWE-122

CWE-400

CWE-787

[email protected]

web.nvd.nist.gov

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.5 High

AI Score

Confidence

High

0.024 Low

EPSS

Percentile

89.9%

A heap overflow flaw was found in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The vulnerability allows a remote attacker to cause a system crash, resulting in a denial of service, or execute arbitrary code. The highest threat with this vulnerability is with the availability of the system. If code execution occurs, the code will run with the permissions of root. This will affect both confidentiality and integrity of files on the system.

Affected configurations

NVD

Node

linuxlinux_kernelRange3.15–3.16.83

OR

linuxlinux_kernelRange3.17–4.4.217

OR

linuxlinux_kernelRange4.5–4.9.217

OR

linuxlinux_kernelRange4.10–4.14.164

OR

linuxlinux_kernelRange4.15–4.19.95

OR

linuxlinux_kernelRange4.20–5.4.11

Node

fedoraprojectfedoraMatch30

OR

fedoraprojectfedoraMatch31

Node

debiandebian_linuxMatch8.0

Node

canonicalubuntu_linuxMatch14.04esm

OR

canonicalubuntu_linuxMatch16.04esm

OR

canonicalubuntu_linuxMatch18.04lts

OR

canonicalubuntu_linuxMatch19.10

References

lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html

packetstormsecurity.com/files/155879/Kernel-Live-Patch-Security-Notice-LSN-0061-1.html

packetstormsecurity.com/files/156185/Kernel-Live-Patch-Security-Notice-LSN-0062-1.html

access.redhat.com/errata/RHSA-2020:0204

access.redhat.com/errata/RHSA-2020:0328

access.redhat.com/errata/RHSA-2020:0339

access.redhat.com/errata/RHSA-2020:0374

access.redhat.com/errata/RHSA-2020:0375

bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14901

lists.debian.org/debian-lts-announce/2020/01/msg00013.html

lists.debian.org/debian-lts-announce/2020/03/msg00001.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D4ISVNIC44SOGXTUBCIZFSUNQJ5LRKNZ/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MN6MLCN7G7VFTSXSZYXKXEFCUMFBUAXQ/

usn.ubuntu.com/4225-1/

usn.ubuntu.com/4225-2/

usn.ubuntu.com/4226-1/

usn.ubuntu.com/4227-1/

usn.ubuntu.com/4227-2/

usn.ubuntu.com/4228-1/

usn.ubuntu.com/4228-2/

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.5 High

AI Score

Confidence

High

0.024 Low

EPSS

Percentile

89.9%

Related for NVD:CVE-2019-14901

prion1 debiancve1 redhatcve1 cvelist1 cve1 ubuntucve1 nessus47 oraclelinux5 f51 centos2 redhat6 openvas43 ubuntu7 cloudfoundry1 slackware1 fedora13 androidsecurity1 suse1 debian2 osv2 ibm2