CVE-2019-14816 : There is heap-based buffer overflow in kernel, all versions up to, excluding 5.3

There is heap-based buffer overflow in kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code.

Published 2019-09-20 19:15:12

Updated 2023-07-12 19:27:38

Source Red Hat, Inc.

View at NVD, CVE.org

Vulnerability category: OverflowMemory CorruptionExecute codeDenial of service

Products affected by CVE-2019-14816

Debian » Debian Linux » Version: 8.0
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux » Version: 6.0
cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux » Version: 7.0
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux » Version: 5.0
cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux » Version: 7.6
cpe:2.3:o:redhat:enterprise_linux:7.6:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux » Version: 6.4
cpe:2.3:o:redhat:enterprise_linux:6.4:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux » Version: 8.0
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Eus » Version: 7.6
cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Eus » Version: 7.7
cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Eus » Version: 8.1
cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Eus » Version: 8.2
cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Eus » Version: 8.4
cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server » Version: 7.6
cpe:2.3:o:redhat:enterprise_linux_server:7.6:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server » Version: 8.0
cpe:2.3:o:redhat:enterprise_linux_server:8.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Aus » Version: 7.3
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Aus » Version: 7.6
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Aus » Version: 7.2
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Aus » Version: 8.2
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Aus » Version: 8.4
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux For Power Big Endian Eus » Version: 7.6 Ppc64
cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.6_ppc64:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux For Real Time For Nfv » Version: 7
cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv:7:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux For Real Time For Nfv » Version: 8
cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv:8:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux For Real Time » Version: 7
cpe:2.3:o:redhat:enterprise_linux_for_real_time:7:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux For Real Time » Version: 8
cpe:2.3:o:redhat:enterprise_linux_for_real_time:8:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Compute Node Eus » Version: 7.6
cpe:2.3:o:redhat:enterprise_linux_compute_node_eus:7.6:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Tus » Version: 7.3
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Tus » Version: 7.6
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Tus » Version: 8.2
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Tus » Version: 8.4
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Tus » Version: 7.7
cpe:2.3:o:redhat:enterprise_linux_tus:7.7:*:*:*:*:*:*:*
Matching versions
Redhat » Virtualization » Version: 4.0
cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*
Matching versions
Redhat » Virtualization » Version: 4.2
cpe:2.3:o:redhat:virtualization:4.2:*:*:*:*:*:*:*
Matching versions
Redhat » Messaging Realtime Grid » Version: 2.0
cpe:2.3:o:redhat:messaging_realtime_grid:2.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux For Real Time For Nfv Tus » Version: 8.2
cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv_tus:8.2:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux For Real Time For Nfv Tus » Version: 8.4
cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv_tus:8.4:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux For Real Time Tus » Version: 8.2
cpe:2.3:o:redhat:enterprise_linux_for_real_time_tus:8.2:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux For Real Time Tus » Version: 8.4
cpe:2.3:o:redhat:enterprise_linux_for_real_time_tus:8.4:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 4.15 and before (<) 4.19.75
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 4.10 and before (<) 4.14.146
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 3.17 and before (<) 4.4.194
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 4.5 and before (<) 4.9.194
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 3.6 and before (<) 3.16.74
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 4.20 and before (<) 5.2.17
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 14.04 ESM Edition
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 18.04 LTS Edition
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 19.04
cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 16.04 ESM Edition
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
Matching versions
Fedoraproject » Fedora » Version: 29
cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
Matching versions
Fedoraproject » Fedora » Version: 30
cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
Matching versions
Opensuse » Leap » Version: 15.0
cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
Matching versions
Opensuse » Leap » Version: 15.1
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
Matching versions
Netapp » Steelstore Cloud Integrated Storage » Version: N/A
cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
Matching versions
Netapp » Service Processor » Version: N/A
cpe:2.3:a:netapp:service_processor:-:*:*:*:*:*:*:*
Matching versions
Netapp » Hci Management Node » Version: N/A
cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*
Matching versions
Netapp » Solidfire » Version: N/A
cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*
Matching versions
Netapp » Data Availability Services » Version: N/A
cpe:2.3:a:netapp:data_availability_services:-:*:*:*:*:*:*:*
Matching versions
Netapp » H610s Firmware » Version: N/A
cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Netapp » H610s » Version: N/A
Netapp » A700s Firmware » Version: N/A
cpe:2.3:o:netapp:a700s_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Netapp » A700s » Version: N/A
Netapp » H300s Firmware » Version: N/A
cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Netapp » H300s » Version: N/A
Netapp » H500s Firmware » Version: N/A
cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Netapp » H500s » Version: N/A
Netapp » H700s Firmware » Version: N/A
cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Netapp » H700s » Version: N/A
Netapp » H300e Firmware » Version: N/A
cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Netapp » H300e » Version: N/A
Netapp » H500e Firmware » Version: N/A
cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Netapp » H500e » Version: N/A
Netapp » H700e Firmware » Version: N/A
cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Netapp » H700e » Version: N/A
Netapp » H410s Firmware » Version: N/A
cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Netapp » H410s » Version: N/A
Netapp » A320 Firmware » Version: N/A
cpe:2.3:o:netapp:a320_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Netapp » A320 » Version: N/A
Netapp » C190 Firmware » Version: N/A
cpe:2.3:o:netapp:c190_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Netapp » C190 » Version: N/A
Netapp » A220 Firmware » Version: N/A
cpe:2.3:o:netapp:a220_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Netapp » A220 » Version: N/A
Netapp » Fas2720 Firmware » Version: N/A
cpe:2.3:o:netapp:fas2720_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Netapp » Fas2720 » Version: N/A
Netapp » Fas2750 Firmware » Version: N/A
cpe:2.3:o:netapp:fas2750_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Netapp » Fas2750 » Version: N/A
Netapp » A800 Firmware » Version: N/A
cpe:2.3:o:netapp:a800_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Netapp » A800 » Version: N/A

Threat overview for CVE-2019-14816

Top countries where our scanners detected CVE-2019-14816

Top open port discovered on systems with this issue 53

IPs affected by CVE-2019-14816 851,777

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2019-14816!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2019-14816

EPSS FAQ

0.07%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 17 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2019-14816

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.2	HIGH	AV:L/AC:L/Au:N/C:C/I:C/A:C	3.9	10.0	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
5.5	MEDIUM	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H	1.8	3.6	Red Hat, Inc.
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High
7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	1.8	5.9	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2019-14816

CWE-122 Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

Assigned by: secalert@redhat.com (Primary)
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

Assigned by: nvd@nist.gov (Secondary)

References for CVE-2019-14816

https://access.redhat.com/errata/RHSA-2020:0328

RHSA-2020:0328 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
https://usn.ubuntu.com/4163-2/

USN-4163-2: Linux kernel (Xenial HWE) vulnerabilities | Ubuntu security notices
Third Party Advisory

CVEs referencing this url
https://access.redhat.com/security/cve/cve-2019-14816

CVE-2019-14816 - Red Hat Customer Portal
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3RUDQJXRJQVGHCGR4YZWTQ3ECBI7TXH/

[SECURITY] Fedora 29 Update: kernel-headers-5.2.11-100.fc29 - package-announce - Fedora Mailing-Lists
Issue Tracking;Third Party Advisory

CVEs referencing this url
https://access.redhat.com/errata/RHSA-2020:0375

RHSA-2020:0375 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
https://seclists.org/bugtraq/2019/Nov/11

Bugtraq: [slackware-security] Slackware 14.2 kernel (SSA:2019-311-01)
Mailing List;Patch;Third Party Advisory

CVEs referencing this url
https://github.com/torvalds/linux/commit/7caac62ed598a196d6ddf8d9c121e12e082cac3

mwifiex: Fix three heap overflow at parsing element in cfg80211_ap_se… · torvalds/linux@7caac62 · GitHub
Patch;Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4JZ6AEUKFWBHQAROGMQARJ274PQP2QP/

[SECURITY] Fedora 30 Update: kernel-5.2.11-200.fc30 - package-announce - Fedora Mailing-Lists
Issue Tracking;Third Party Advisory

CVEs referencing this url
http://www.openwall.com/lists/oss-security/2019/08/28/1

oss-security - Linux kernel: three heap overflow in the marvell wifi driver
Exploit;Mailing List;Patch;Third Party Advisory

CVEs referencing this url
https://usn.ubuntu.com/4162-2/

USN-4162-2: Linux kernel (Azure) vulnerabilities | Ubuntu security notices
Third Party Advisory

CVEs referencing this url
https://access.redhat.com/errata/RHSA-2020:0664

RHSA-2020:0664 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html

[SECURITY] [DLA 2114-1] linux-4.9 security update
Mailing List;Third Party Advisory

CVEs referencing this url
https://access.redhat.com/errata/RHSA-2020:0174

RHSA-2020:0174 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
https://usn.ubuntu.com/4163-1/

USN-4163-1: Linux kernel vulnerabilities | Ubuntu security notices
Third Party Advisory

CVEs referencing this url
https://security.netapp.com/advisory/ntap-20191031-0005/

October 2019 Linux Kernel Vulnerabilities in NetApp Products | NetApp Product Security
Third Party Advisory

CVEs referencing this url
https://usn.ubuntu.com/4157-1/

USN-4157-1: Linux kernel vulnerabilities | Ubuntu security notices
Third Party Advisory

CVEs referencing this url
http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html

Slackware Security Advisory - Slackware 14.2 kernel Updates ≈ Packet Storm
Third Party Advisory;VDB Entry

CVEs referencing this url
https://usn.ubuntu.com/4162-1/

USN-4162-1: Linux kernel vulnerabilities | Ubuntu security notices
Third Party Advisory

CVEs referencing this url
https://access.redhat.com/errata/RHSA-2020:0339

RHSA-2020:0339 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
https://access.redhat.com/errata/RHSA-2020:0661

RHSA-2020:0661 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
https://www.openwall.com/lists/oss-security/2019/08/28/1

oss-security - Linux kernel: three heap overflow in the marvell wifi driver
Exploit;Mailing List;Patch;Third Party Advisory

CVEs referencing this url
http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html

Kernel Live Patch Security Notice LSN-0058-1 ≈ Packet Storm
Third Party Advisory;VDB Entry

CVEs referencing this url
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14816

1744149 – (CVE-2019-14816) CVE-2019-14816 kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell Wifi Driver leading to a DoS
Exploit;Issue Tracking;Patch;Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0653

RHSA-2020:0653 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html

[security-announce] openSUSE-SU-2019:2173-1: important: Security update
Mailing List;Third Party Advisory

CVEs referencing this url
https://usn.ubuntu.com/4157-2/

USN-4157-2: Linux kernel (HWE) vulnerabilities | Ubuntu security notices
Third Party Advisory

CVEs referencing this url
https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html

[SECURITY] [DLA 1930-1] linux security update
Mailing List;Third Party Advisory

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html

[security-announce] openSUSE-SU-2019:2181-1: important: Security update
Mailing List;Third Party Advisory

CVEs referencing this url
https://access.redhat.com/errata/RHSA-2020:0204

RHSA-2020:0204 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
https://access.redhat.com/errata/RHSA-2020:0374

RHSA-2020:0374 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url