Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
None
Privileges Required
None
Attack Vector
Adjacent_network
0

CVE-2019-3846

Disclosure Date: June 03, 2019
CVE-2019-3846 CVSS v3 Base Score: 8.8
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
8.8 High
Impact Score:
5.9
Exploitability Score:
2.8
Vector:
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector (AV):
Adjacent_network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
High
Integrity (I):
High
Availability (A):
High

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
kernel n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • canonical,
  • debian,
  • fedoraproject,
  • linux,
  • netapp,
  • opensuse,
  • redhat

Products

  • a700s firmware -,
  • active iq unified manager for vmware vsphere,
  • cn1610 firmware -,
  • debian linux 8.0,
  • debian linux 9.0,
  • enterprise linux 6.0,
  • enterprise linux 7.0,
  • enterprise linux 8.0,
  • fedora 29,
  • fedora 30,
  • h610s firmware -,
  • hci management node -,
  • leap 15.0,
  • leap 15.1,
  • leap 42.3,
  • linux kernel,
  • solidfire -,
  • ubuntu linux 14.04,
  • ubuntu linux 16.04,
  • ubuntu linux 18.04,
  • ubuntu linux 19.04

References

Canonical
CVE-2019-3846 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3846)
Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3846
FEDORA-2019-7ec378191e (https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KLGWJKLMTBBB53D5QLS4HOY2EH246WBE)
FEDORA-2019-f40bd7826f (https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J36BIJTKEPUOZKJNHQBUZA47RQONUKOI)
DSA-4465 (https://www.debian.org/security/2019/dsa-4465)
[debian-lts-announce] 20190617 [SECURITY] [DLA 1823-1] linux security update (https://lists.debian.org/debian-lts-announce/2019/06/msg00010.html)
[debian-lts-announce] 20190618 [SECURITY] [DLA 1824-1] linux-4.9 security update (https://lists.debian.org/debian-lts-announce/2019/06/msg00011.html)
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00039.html
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00040.html
20190618 [SECURITY] [DSA 4465-1] linux security update (https://seclists.org/bugtraq/2019/Jun/26)
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00048.html
https://security.netapp.com/advisory/ntap-20190710-0002
20190722 [slackware-security] Slackware 14.2 kernel (SSA:2019-202-01) (https://seclists.org/bugtraq/2019/Jul/33)
USN-4093-1 (https://usn.ubuntu.com/4093-1)
USN-4094-1 (https://usn.ubuntu.com/4094-1)
USN-4095-2 (https://usn.ubuntu.com/4095-2)
USN-4095-1 (https://usn.ubuntu.com/4095-1)
USN-4117-1 (https://usn.ubuntu.com/4117-1)
USN-4118-1 (https://usn.ubuntu.com/4118-1)
https://access.redhat.com/errata/RHSA-2019:2703
https://access.redhat.com/errata/RHSA-2019:2741
https://access.redhat.com/errata/RHSA-2019:3076
https://access.redhat.com/errata/RHSA-2019:3055
https://access.redhat.com/errata/RHSA-2019:3089
https://access.redhat.com/errata/RHSA-2020:0174
Miscellaneous
https://seclists.org/oss-sec/2019/q2/133
http://packetstormsecurity.com/files/153702/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.html
http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html
https://usn.ubuntu.com/4094-1/
https://usn.ubuntu.com/4118-1/
https://access.redhat.com/errata/RHSA-2020:2289
https://security.netapp.com/advisory/ntap-20190710-0002/
https://usn.ubuntu.com/4093-1/
https://usn.ubuntu.com/4095-1/
https://usn.ubuntu.com/4095-2/
https://usn.ubuntu.com/4117-1/
https://access.redhat.com/security/cve/CVE-2019-3846
https://bugzilla.redhat.com/show_bug.cgi?id=1713059
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J36BIJTKEPUOZKJNHQBUZA47RQONUKOI/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KLGWJKLMTBBB53D5QLS4HOY2EH246WBE/

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis