Описание
There is heap-based buffer overflow in kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code.
A vulnerability was found in the Linux kernel's Marvell WiFi chip driver. Where, while parsing vendor-specific informational attributes, an attacker on the same WiFi physical network segment could cause a system crash, resulting in a denial of service, or potentially execute arbitrary code. This flaw affects the network interface at the most basic level meaning the attacker only needs to affiliate with the same network device as the vulnerable system to create an attack path.
Меры по смягчению последствий
At this time there is no mitigation to the flaw, if you are able to disable wireless and your system is able to work this will be a temporary mitigation until a kernel update is available for installation.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | kernel | Not affected | ||
| Red Hat Enterprise Linux 6 | kernel | Not affected | ||
| Red Hat Enterprise Linux 7 | kernel-rt | Fixed | RHSA-2020:0375 | 04.02.2020 |
| Red Hat Enterprise Linux 7 | kernel-alt | Fixed | RHSA-2020:0174 | 21.01.2020 |
| Red Hat Enterprise Linux 7 | kernel | Fixed | RHSA-2020:0374 | 04.02.2020 |
| Red Hat Enterprise Linux 7.2 Advanced Update Support | kernel | Fixed | RHSA-2020:0661 | 03.03.2020 |
| Red Hat Enterprise Linux 7.3 Advanced Update Support | kernel | Fixed | RHSA-2020:0653 | 03.03.2020 |
| Red Hat Enterprise Linux 7.3 Telco Extended Update Support | kernel | Fixed | RHSA-2020:0653 | 03.03.2020 |
| Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions | kernel | Fixed | RHSA-2020:0653 | 03.03.2020 |
| Red Hat Enterprise Linux 7.4 Advanced Update Support | kernel | Fixed | RHSA-2020:1347 | 07.04.2020 |
Показывать по
Дополнительная информация
Статус:
8 High
CVSS3
Связанные уязвимости
There is heap-based buffer overflow in kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code.
There is heap-based buffer overflow in kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code.
There is heap-based buffer overflow in kernel, all versions up to, exc ...
There is heap-based buffer overflow in kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code.
Уязвимость функции mwifiex_update_vs_ie() драйвера Wi-Fi Marvell ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код
8 High
CVSS3