Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2020-12654

Опубликовано: 27 янв. 2020
Источник: redhat
CVSS3: 7.1
EPSS Низкий

Описание

An issue was found in Linux kernel before 5.5.4. mwifiex_ret_wmm_get_status() in drivers/net/wireless/marvell/mwifiex/wmm.c allows a remote AP to trigger a heap-based buffer overflow because of an incorrect memcpy, aka CID-3a9b153c5591.

A flaw was found in the Linux kernel. The Marvell mwifiex driver allows a remote WiFi access point to trigger a heap-based memory buffer overflow due to an incorrect memcpy operation. The highest threat from this vulnerability is to data integrity and system availability.

Меры по смягчению последствий

In order to mitigate this issue, it is possible to prevent the affected code from being loaded by blacklisting the kernel module mwifiex. For instructions relating to how to blacklist a kernel module, refer to: https://access.redhat.com/solutions/41278

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5kernelNot affected
Red Hat Enterprise Linux 6kernelNot affected
Red Hat Enterprise Linux 7kernel-altAffected
Red Hat Enterprise Linux 7kernel-rtFixedRHSA-2020:322129.07.2020
Red Hat Enterprise Linux 7kernelFixedRHSA-2020:322029.07.2020
Red Hat Enterprise Linux 7.2 Advanced Update SupportkernelFixedRHSA-2020:323229.07.2020
Red Hat Enterprise Linux 7.3 Advanced Update SupportkernelFixedRHSA-2020:283207.07.2020
Red Hat Enterprise Linux 7.3 Telco Extended Update SupportkernelFixedRHSA-2020:283207.07.2020
Red Hat Enterprise Linux 7.3 Update Services for SAP SolutionskernelFixedRHSA-2020:283207.07.2020
Red Hat Enterprise Linux 7.4 Advanced Update SupportkernelFixedRHSA-2020:343212.08.2020

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important
Дефект:
CWE-122
https://bugzilla.redhat.com/show_bug.cgi?id=1832530kernel: heap-based buffer overflow in mwifiex_ret_wmm_get_status function in drivers/net/wireless/marvell/mwifiex/wmm.c

EPSS

Процентиль: 28%
0.00096
Низкий

7.1 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2020-12654

CVSS3: 7.1
ubuntu
около 5 лет назад

An issue was found in Linux kernel before 5.5.4. mwifiex_ret_wmm_get_status() in drivers/net/wireless/marvell/mwifiex/wmm.c allows a remote AP to trigger a heap-based buffer overflow because of an incorrect memcpy, aka CID-3a9b153c5591.

nvd логотип

CVE-2020-12654

CVSS3: 7.1
nvd
около 5 лет назад

An issue was found in Linux kernel before 5.5.4. mwifiex_ret_wmm_get_status() in drivers/net/wireless/marvell/mwifiex/wmm.c allows a remote AP to trigger a heap-based buffer overflow because of an incorrect memcpy, aka CID-3a9b153c5591.

msrc логотип

CVE-2020-12654

CVSS3: 7.1
msrc
больше 4 лет назад

Описание отсутствует

debian логотип

CVE-2020-12654

CVSS3: 7.1
debian
около 5 лет назад

An issue was found in Linux kernel before 5.5.4. mwifiex_ret_wmm_get_s ...

github логотип

GHSA-r2mg-x3w3-w45q

github
около 3 лет назад

An issue was found in Linux kernel before 5.5.4. mwifiex_ret_wmm_get_status() in drivers/net/wireless/marvell/mwifiex/wmm.c allows a remote AP to trigger a heap-based buffer overflow because of an incorrect memcpy, aka CID-3a9b153c5591.

EPSS

Процентиль: 28%
0.00096
Низкий

7.1 High

CVSS3