#VU24684 Out-of-bounds write in Linux kernel - CVE-2019-14901

Vulnerability identifier: #VU24684

Vulnerability risk: Medium

CVSSv4.0: 6.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2019-14901

CWE-ID: CWE-787

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input in Marvell WiFi chip driver within the "mwifiex_process_tdls_action_frame()" function in "marvell/mwifiex/tdls.c". A remote attacker on the local network can send a specially crafted network traffic, trigger out-of-bounds write and execute arbitrary code on the target system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Linux kernel: 3.0 - 3.0.101, 3.1 - 3.19.8, 3.2 - 3.2.93, 3.3 rc1 - 3.3.8, 3.4 - 3.4.113, 3.5 - 3.5.7, 3.6 - 3.6.11, 3.7 - 3.7.10, 3.8 - 3.8.13, 3.9 - 3.9.11, 4.0.0, 4.1 - 4.17, 4.2, 4.3, 4.4, 4.5, 4.6, 4.7, 4.8, 4.9

---

External links
https://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14901
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D4ISVNIC44SOGXTUBCIZFSUNQJ5LRKNZ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MN6MLCN7G7VFTSXSZYXKXEFCUMFBUAXQ/

---

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.