Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2020-12653

Опубликовано: 27 янв. 2020
Источник: redhat
CVSS3: 7.8
EPSS Низкий

Описание

An issue was found in Linux kernel before 5.5.4. The mwifiex_cmd_append_vsie_tlv() function in drivers/net/wireless/marvell/mwifiex/scan.c allows local users to gain privileges or cause a denial of service because of an incorrect memcpy and buffer overflow, aka CID-b70261a288ea.

A flaw was found in the way the mwifiex_cmd_append_vsie_tlv() in Linux kernel's Marvell WiFi-Ex driver handled vendor specific information elements. A local user could use this flaw to escalate their privileges on the system.

Меры по смягчению последствий

In order to mitigate this issue it is possible to prevent the affected code from being loaded by blacklisting the kernel module mwifiex. For instructions relating to how to blacklist a kernel module refer to: https://access.redhat.com/solutions/41278

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5kernelNot affected
Red Hat Enterprise Linux 6kernelNot affected
Red Hat Enterprise Linux 7kernel-altAffected
Red Hat Enterprise Linux 7kernel-rtFixedRHSA-2020:322129.07.2020
Red Hat Enterprise Linux 7kernelFixedRHSA-2020:322029.07.2020
Red Hat Enterprise Linux 7.2 Advanced Update SupportkernelFixedRHSA-2020:323229.07.2020
Red Hat Enterprise Linux 7.3 Advanced Update SupportkernelFixedRHSA-2020:283207.07.2020
Red Hat Enterprise Linux 7.3 Telco Extended Update SupportkernelFixedRHSA-2020:283207.07.2020
Red Hat Enterprise Linux 7.3 Update Services for SAP SolutionskernelFixedRHSA-2020:283207.07.2020
Red Hat Enterprise Linux 7.4 Advanced Update SupportkernelFixedRHSA-2020:343212.08.2020

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important
Дефект:
CWE-120
https://bugzilla.redhat.com/show_bug.cgi?id=1831868kernel: buffer overflow in mwifiex_cmd_append_vsie_tlv function in drivers/net/wireless/marvell/mwifiex/scan.c

EPSS

Процентиль: 42%
0.00198
Низкий

7.8 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2020-12653

CVSS3: 7.8
ubuntu
около 5 лет назад

An issue was found in Linux kernel before 5.5.4. The mwifiex_cmd_append_vsie_tlv() function in drivers/net/wireless/marvell/mwifiex/scan.c allows local users to gain privileges or cause a denial of service because of an incorrect memcpy and buffer overflow, aka CID-b70261a288ea.

nvd логотип

CVE-2020-12653

CVSS3: 7.8
nvd
около 5 лет назад

An issue was found in Linux kernel before 5.5.4. The mwifiex_cmd_append_vsie_tlv() function in drivers/net/wireless/marvell/mwifiex/scan.c allows local users to gain privileges or cause a denial of service because of an incorrect memcpy and buffer overflow, aka CID-b70261a288ea.

msrc логотип

CVE-2020-12653

CVSS3: 7.8
msrc
больше 4 лет назад

Описание отсутствует

debian логотип

CVE-2020-12653

CVSS3: 7.8
debian
около 5 лет назад

An issue was found in Linux kernel before 5.5.4. The mwifiex_cmd_appen ...

github логотип

GHSA-gj62-72x5-vwvc

CVSS3: 7.8
github
около 3 лет назад

An issue was found in Linux kernel before 5.5.4. The mwifiex_cmd_append_vsie_tlv() function in drivers/net/wireless/marvell/mwifiex/scan.c allows local users to gain privileges or cause a denial of service because of an incorrect memcpy and buffer overflow, aka CID-b70261a288ea.

EPSS

Процентиль: 42%
0.00198
Низкий

7.8 High

CVSS3