Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

None

Privileges Required

None

Attack Vector

Network

0

CVE-2019-14895

Disclosure Date: November 29, 2019 •

CVE-2019-14895 CVSS v3 Base Score: 9.8

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

A heap-based buffer overflow was discovered in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The flaw could occur when the station attempts a connection negotiation during the handling of the remote devices country settings. This could allow the remote device to cause a denial of service (system crash) or possibly execute arbitrary code.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

9.8 Critical

Impact Score:

5.9

Exploitability Score:

3.9

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector (AV):

Network

Attack Complexity (AC):

Low

Privileges Required (PR):

None

User Interaction (UI):

None

Scope (S):

Unchanged

Confidentiality (C):

High

Integrity (I):

High

Availability (A):

High

Vendors

canonical,
debian,
fedoraproject,
linux,
opensuse

Products

debian linux 8.0,
fedora 30,
fedora 31,
leap 15.1,
linux kernel,
ubuntu linux 14.04,
ubuntu linux 16.04,
ubuntu linux 18.04,
ubuntu linux 19.04,
ubuntu linux 19.10

References

Canonical

CVE-2019-14895 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14895)

Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14895

FEDORA-2019-91f6e7bb71 (https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MN6MLCN7G7VFTSXSZYXKXEFCUMFBUAXQ)

FEDORA-2019-8846a1a5a2 (https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D4ISVNIC44SOGXTUBCIZFSUNQJ5LRKNZ)

http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html

USN-4228-1 (https://usn.ubuntu.com/4228-1)

USN-4227-1 (https://usn.ubuntu.com/4227-1)

USN-4226-1 (https://usn.ubuntu.com/4226-1)

USN-4225-1 (https://usn.ubuntu.com/4225-1)

USN-4228-2 (https://usn.ubuntu.com/4228-2)

USN-4227-2 (https://usn.ubuntu.com/4227-2)

[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update (https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html)

USN-4225-2 (https://usn.ubuntu.com/4225-2)

https://access.redhat.com/errata/RHSA-2020:0328

https://access.redhat.com/errata/RHSA-2020:0339

https://access.redhat.com/errata/RHSA-2020:0374

https://access.redhat.com/errata/RHSA-2020:0375

https://access.redhat.com/errata/RHSA-2020:0543

https://access.redhat.com/errata/RHSA-2020:0592

https://access.redhat.com/errata/RHSA-2020:0609

[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update (https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html)

https://access.redhat.com/errata/RHSA-2020:0653

https://access.redhat.com/errata/RHSA-2020:0661

https://access.redhat.com/errata/RHSA-2020:0664

Miscellaneous

https://www.openwall.com/lists/oss-security/2019/11/22/2

http://packetstormsecurity.com/files/155879/Kernel-Live-Patch-Security-Notice-LSN-0061-1.html

http://packetstormsecurity.com/files/156185/Kernel-Live-Patch-Security-Notice-LSN-0062-1.html

https://usn.ubuntu.com/4226-1/

https://access.redhat.com/errata/RHSA-2020:0831

https://access.redhat.com/errata/RHSA-2020:1493

https://access.redhat.com/security/cve/CVE-2019-14895

https://bugzilla.redhat.com/show_bug.cgi?id=1774870

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D4ISVNIC44SOGXTUBCIZFSUNQJ5LRKNZ/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MN6MLCN7G7VFTSXSZYXKXEFCUMFBUAXQ/

https://usn.ubuntu.com/4225-1/

https://usn.ubuntu.com/4225-2/

https://usn.ubuntu.com/4227-1/

https://usn.ubuntu.com/4227-2/

https://usn.ubuntu.com/4228-1/

https://usn.ubuntu.com/4228-2/

Rapid7

Technical Analysis