CVE-2019-14816

There is heap-based buffer overflow in kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
redhatCNA
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 51%
VendorProductVersion
linuxlinux_kernel
3.6 ≤
𝑥
< 3.16.74
linuxlinux_kernel
3.17 ≤
𝑥
< 4.4.194
linuxlinux_kernel
4.5 ≤
𝑥
< 4.9.194
linuxlinux_kernel
4.10 ≤
𝑥
< 4.14.146
linuxlinux_kernel
4.15 ≤
𝑥
< 4.19.75
linuxlinux_kernel
4.20 ≤
𝑥
< 5.2.17
redhatvirtualization
4.0
redhatenterprise_linux
5.0
redhatenterprise_linux
6.0
redhatenterprise_linux
6.4
redhatenterprise_linux
7.0
redhatenterprise_linux
7.6
redhatenterprise_linux
8.0
redhatenterprise_linux_compute_node_eus
7.6
redhatenterprise_linux_eus
7.6
redhatenterprise_linux_eus
7.7
redhatenterprise_linux_eus
8.1
redhatenterprise_linux_eus
8.2
redhatenterprise_linux_eus
8.4
redhatenterprise_linux_for_power_big_endian_eus
7.6_ppc64:_ppc64
redhatenterprise_linux_for_real_time_for_nfv_tus
8.2
redhatenterprise_linux_for_real_time_for_nfv_tus
8.4
redhatenterprise_linux_for_real_time_tus
8.2
redhatenterprise_linux_for_real_time_tus
8.4
redhatenterprise_linux_server
7.6
redhatenterprise_linux_server
8.0
redhatenterprise_linux_server_aus
7.2
redhatenterprise_linux_server_aus
7.3
redhatenterprise_linux_server_aus
7.6
redhatenterprise_linux_server_aus
8.2
redhatenterprise_linux_server_aus
8.4
redhatenterprise_linux_server_tus
7.3
redhatenterprise_linux_server_tus
7.6
redhatenterprise_linux_server_tus
8.2
redhatenterprise_linux_server_tus
8.4
redhatenterprise_linux_tus
7.7
redhatmessaging_realtime_grid
2.0
redhatvirtualization
4.2
debiandebian_linux
8.0
netappdata_availability_services
-
netapphci_management_node
-
netappservice_processor
-
netappsolidfire
-
netappsteelstore_cloud_integrated_storage
-
netappa700s_firmware
-
netappa320_firmware
-
netappc190_firmware
-
netappa220_firmware
-
netappfas2720_firmware
-
netappfas2750_firmware
-
netappa800_firmware
-
netapph300s_firmware
-
netapph500s_firmware
-
netapph700s_firmware
-
netapph300e_firmware
-
netapph500e_firmware
-
netapph700e_firmware
-
netapph410s_firmware
-
netapph410s_firmware
-
netapph610s_firmware
-
canonicalubuntu_linux
14.04
canonicalubuntu_linux
16.04
canonicalubuntu_linux
18.04
canonicalubuntu_linux
19.04
opensuseleap
15.0
opensuseleap
15.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
linux
bullseye
5.10.223-1
fixed
bullseye (security)
5.10.226-1
fixed
bookworm
6.1.106-3
fixed
bookworm (security)
6.1.112-1
fixed
trixie
6.11.5-1
fixed
sid
6.11.6-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
linux
focal
not-affected
eoan
not-affected
disco
Fixed 5.0.0-32.34
released
bionic
Fixed 4.15.0-66.75
released
xenial
Fixed 4.4.0-166.195
released
trusty
ignored
linux-aws
focal
not-affected
eoan
not-affected
disco
Fixed 5.0.0-1019.21
released
bionic
Fixed 4.15.0-1052.54
released
xenial
Fixed 4.4.0-1096.107
released
trusty
Fixed 4.4.0-1056.60
released
linux-aws-5.0
focal
dne
eoan
dne
disco
dne
bionic
not-affected
xenial
dne
trusty
dne
linux-aws-hwe
focal
dne
eoan
dne
disco
dne
bionic
dne
xenial
Fixed 4.15.0-1052.54~16.04.1
released
trusty
dne
linux-azure
focal
not-affected
eoan
not-affected
disco
Fixed 5.0.0-1023.24
released
bionic
Fixed 5.0.0-1023.24~18.04.1
released
xenial
Fixed 4.15.0-1061.66
released
trusty
Fixed 4.15.0-1061.66~14.04.1
released
linux-azure-5.3
focal
dne
eoan
dne
disco
dne
bionic
not-affected
xenial
dne
trusty
dne
linux-azure-edge
focal
dne
eoan
dne
disco
dne
bionic
Fixed 5.0.0-1023.24~18.04.1
released
xenial
Fixed 4.15.0-1061.66
released
trusty
dne
linux-gcp
focal
not-affected
eoan
not-affected
disco
Fixed 5.0.0-1021.21
released
bionic
Fixed 5.0.0-1021.21~18.04.1
released
xenial
Fixed 4.15.0-1047.50
released
trusty
dne
linux-gcp-5.3
focal
dne
eoan
dne
disco
dne
bionic
not-affected
xenial
dne
trusty
dne
linux-gcp-edge
focal
dne
eoan
dne
disco
dne
bionic
Fixed 5.0.0-1021.21~18.04.1
released
xenial
dne
trusty
dne
linux-gke-4.15
focal
dne
eoan
dne
disco
dne
bionic
Fixed 4.15.0-1046.49
released
xenial
dne
trusty
dne
linux-gke-5.0
focal
dne
eoan
dne
disco
dne
bionic
Fixed 5.0.0-1023.23~18.04.2
released
xenial
dne
trusty
dne
linux-gke-5.3
focal
dne
eoan
dne
bionic
not-affected
xenial
dne
trusty
dne
linux-hwe
focal
dne
eoan
dne
disco
dne
bionic
Fixed 5.0.0-32.34~18.04.2
released
xenial
Fixed 4.15.0-66.75~16.04.1
released
trusty
dne
linux-hwe-edge
focal
dne
eoan
dne
disco
dne
bionic
ignored
xenial
Fixed 4.15.0-66.75~16.04.1
released
trusty
dne
linux-kvm
focal
not-affected
eoan
not-affected
disco
Fixed 5.0.0-1020.21
released
bionic
Fixed 4.15.0-1048.48
released
xenial
Fixed 4.4.0-1060.67
released
trusty
dne
linux-lts-trusty
focal
dne
eoan
dne
disco
dne
bionic
dne
xenial
dne
trusty
dne
linux-lts-xenial
focal
dne
eoan
dne
disco
dne
bionic
dne
xenial
dne
trusty
Fixed 4.4.0-166.195~14.04.1
released
linux-oem
focal
dne
eoan
Fixed 4.15.0-1059.68
released
disco
ignored
bionic
Fixed 4.15.0-1059.68
released
xenial
ignored
trusty
dne
linux-oem-5.6
focal
not-affected
eoan
dne
bionic
dne
xenial
dne
trusty
dne
linux-oem-osp1
focal
dne
eoan
Fixed 5.0.0-1025.28
released
disco
ignored
bionic
Fixed 5.0.0-1025.28
released
xenial
dne
trusty
dne
linux-oracle
focal
not-affected
eoan
not-affected
disco
ignored
bionic
Fixed 4.15.0-1027.30
released
xenial
Fixed 4.15.0-1027.30~16.04.1
released
trusty
dne
linux-oracle-5.0
focal
dne
eoan
dne
disco
dne
bionic
not-affected
xenial
dne
trusty
dne
linux-oracle-5.3
focal
dne
eoan
dne
bionic
not-affected
xenial
dne
trusty
dne
linux-raspi2
focal
not-affected
eoan
not-affected
disco
Fixed 5.0.0-1020.20
released
bionic
Fixed 4.15.0-1049.53
released
xenial
Fixed 4.4.0-1124.133
released
trusty
dne
linux-raspi2-5.3
focal
dne
eoan
dne
bionic
not-affected
xenial
dne
trusty
dne
linux-snapdragon
focal
dne
eoan
dne
disco
Fixed 5.0.0-1024.25
released
bionic
Fixed 4.15.0-1066.73
released
xenial
Fixed 4.4.0-1128.136
released
trusty
dne
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html
http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html
http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
http://www.openwall.com/lists/oss-security/2019/08/28/1
https://access.redhat.com/errata/RHSA-2020:0174
https://access.redhat.com/errata/RHSA-2020:0204
https://access.redhat.com/errata/RHSA-2020:0328
https://access.redhat.com/errata/RHSA-2020:0339
https://access.redhat.com/errata/RHSA-2020:0374
https://access.redhat.com/errata/RHSA-2020:0375
https://access.redhat.com/errata/RHSA-2020:0653
https://access.redhat.com/errata/RHSA-2020:0661
https://access.redhat.com/errata/RHSA-2020:0664
https://access.redhat.com/security/cve/cve-2019-14816
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14816
https://github.com/torvalds/linux/commit/7caac62ed598a196d6ddf8d9c121e12e082cac3
https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html
https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3RUDQJXRJQVGHCGR4YZWTQ3ECBI7TXH/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4JZ6AEUKFWBHQAROGMQARJ274PQP2QP/
https://seclists.org/bugtraq/2019/Nov/11
https://security.netapp.com/advisory/ntap-20191031-0005/
https://usn.ubuntu.com/4157-1/
https://usn.ubuntu.com/4157-2/
https://usn.ubuntu.com/4162-1/
https://usn.ubuntu.com/4162-2/
https://usn.ubuntu.com/4163-1/
https://usn.ubuntu.com/4163-2/
https://www.openwall.com/lists/oss-security/2019/08/28/1
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html
http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html
http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
http://www.openwall.com/lists/oss-security/2019/08/28/1
https://access.redhat.com/errata/RHSA-2020:0174
https://access.redhat.com/errata/RHSA-2020:0204
https://access.redhat.com/errata/RHSA-2020:0328
https://access.redhat.com/errata/RHSA-2020:0339
https://access.redhat.com/errata/RHSA-2020:0374
https://access.redhat.com/errata/RHSA-2020:0375
https://access.redhat.com/errata/RHSA-2020:0653
https://access.redhat.com/errata/RHSA-2020:0661
https://access.redhat.com/errata/RHSA-2020:0664
https://access.redhat.com/security/cve/cve-2019-14816
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14816
https://github.com/torvalds/linux/commit/7caac62ed598a196d6ddf8d9c121e12e082cac3
https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html
https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3RUDQJXRJQVGHCGR4YZWTQ3ECBI7TXH/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4JZ6AEUKFWBHQAROGMQARJ274PQP2QP/
https://seclists.org/bugtraq/2019/Nov/11
https://security.netapp.com/advisory/ntap-20191031-0005/
https://usn.ubuntu.com/4157-1/
https://usn.ubuntu.com/4157-2/
https://usn.ubuntu.com/4162-1/
https://usn.ubuntu.com/4162-2/
https://usn.ubuntu.com/4163-1/
https://usn.ubuntu.com/4163-2/
https://www.openwall.com/lists/oss-security/2019/08/28/1