#VU28162 Out-of-bounds write in Linux kernel


Vulnerability identifier: #VU28162

Vulnerability risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-12654

CWE-ID: CWE-787

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input in the "mwifiex_ret_wmm_get_status()" function in "drivers/net/wireless/marvell/mwifiex/wmm.c" file. A remote attacker can trigger out-of-bounds write and execute arbitrary code on the target system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Linux kernel: 5.5 - 5.5.3

External links
http://www.openwall.com/lists/oss-security/2020/05/08/2
http://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.4
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3a9b153c5591548612c3955c9600a98150c81875
http://github.com/torvalds/linux/commit/3a9b153c5591548612c3955c9600a98150c81875

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in Dell EMC Data Computing Appliance (DCA)
Multiple vulnerabilities in Oracle VM Server for x86
Red Hat Enterprise Linux 7 update for kernel
Red Hat Enterprise MRG 2 update for kernel-rt
CentOS 7 update for kernel
Red Hat Enterprise Linux 7 update for kernel
Red Hat Enterprise Linux 7 update for kernel-rt
Red Hat Enterprise Linux 7 update for kernel
Red Hat Enterprise Linux 7 update for kernel
Red Hat Enterprise Linux 7 update for kernel