CVE-2019-3846

Description

A flaw was found in the Linux kernel's Marvell wifi chip driver. A heap overflow in mwifiex_update_bss_desc_with_ie function in marvell/mwifiex/scan.c allows remote attackers to cause a denial of service(system crash) or execute arbitrary code.

Related CPE's

olinuxlinux_kernel********

olinuxlinux_kernel********

olinuxlinux_kernel********

olinuxlinux_kernel********

olinuxlinux_kernel********

olinuxlinux_kernel********

oredhatenterprise_linux7.0*******

oredhatenterprise_linux6.0*******

oredhatenterprise_linux8.0*******

ocanonicalubuntu_linux16.04***lts***

References

https://seclists.org/oss-sec/2019/q2/133

ExploitMailing ListThird Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3846

Issue TrackingMitigationPatchThird Party Advisory

DSA-4465

Third Party Advisory

[debian-lts-announce] 20190617 [SECURITY] [DLA 1823-1] linux security update

Mailing ListThird Party Advisory

[debian-lts-announce] 20190618 [SECURITY] [DLA 1824-1] linux-4.9 security update

Mailing ListThird Party Advisory

openSUSE-SU-2019:1570

Mailing ListThird Party Advisory

openSUSE-SU-2019:1571

Mailing ListThird Party Advisory

20190618 [SECURITY] [DSA 4465-1] linux security update

Mailing ListThird Party Advisory

openSUSE-SU-2019:1579

Mailing ListThird Party Advisory

https://security.netapp.com/advisory/ntap-20190710-0002/

Third Party Advisory

20190722 [slackware-security] Slackware 14.2 kernel (SSA:2019-202-01)

Mailing ListPatchThird Party Advisory

http://packetstormsecurity.com/files/153702/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html

Third Party AdvisoryVDB Entry

USN-4095-2

Third Party Advisory

USN-4095-1

Third Party Advisory

USN-4094-1

Third Party Advisory

USN-4093-1

Third Party Advisory

http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.html

Third Party AdvisoryVDB Entry

USN-4117-1

Third Party Advisory

USN-4118-1

Third Party Advisory

RHSA-2019:2703

Third Party Advisory

RHSA-2019:2741

Third Party Advisory

RHSA-2019:3055

Third Party Advisory

RHSA-2019:3076

Third Party Advisory

RHSA-2019:3089

Third Party Advisory

http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html

Third Party AdvisoryVDB Entry

RHSA-2020:0174

Third Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J36BIJTKEPUOZKJNHQBUZA47RQONUKOI/

https://access.redhat.com/errata/RHSA-2020:2289

https://bugzilla.redhat.com/show_bug.cgi?id=1713059

https://access.redhat.com/security/cve/CVE-2019-3846

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KLGWJKLMTBBB53D5QLS4HOY2EH246WBE/

CvssV3 impact

BaseSeverity

HIGH

ConfidentialityImpact

HIGH

AttackComplexity

LOW

Scope

UNCHANGED

AttackVector

ADJACENT_NETWORK

AvailabilityImpact

HIGH

IntegrityImpact

HIGH

PrivilegesRequired

NONE

BaseScore

8.8

VectorString

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Version

3.1

UserInteraction

NONE

CvssV2 impact

Version

2.0

VectorString

AV:A/AC:L/Au:N/C:C/I:C/A:C

AccessVector

ADJACENT_NETWORK

AccessComplexity

LOW

Authentication

NONE

ConfidentialityImpact

COMPLETE

IntegrityImpact

COMPLETE

AvailabilityImpact

COMPLETE

BaseScore

8.300000190734863

Created by Yello
About Severity.io