Vulnerability CVE-2019-14816: Information

Description

There is heap-based buffer overflow in kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code.

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2019-14816

Published: Sept. 20, 2019

Modified: July 12, 2023

Error type identifier: CWE-122

Fixed packages

Package name	Branch	Fixed in version	Version from repository	Errata ID	Task #	State
kernel-image-mp	sisyphus	5.3.4-alt1	6.8.12-alt1	ALT-PU-2019-2838-1	238827	Fixed
kernel-image-mp	p10	5.3.4-alt1	6.1.19-alt1	ALT-PU-2019-2838-1	238827	Fixed
kernel-image-mp	p9	5.5.16-alt1	5.12.16-alt1	ALT-PU-2020-1714-1	249865	Fixed
kernel-image-mp	c9f2	5.5.16-alt1	5.7.16-alt1	ALT-PU-2020-1714-1	249865	Fixed
kernel-image-mp	p11	5.3.4-alt1	6.8.8-alt1	ALT-PU-2019-2838-1	238827	Fixed
kernel-image-rpi-def	sisyphus	5.4.51-alt1	5.15.92-alt2	ALT-PU-2020-2410-1	254998	Fixed
kernel-image-rpi-def	p10	5.4.51-alt1	5.15.92-alt2	ALT-PU-2020-2410-1	254998	Fixed
kernel-image-rpi-def	p9	5.4.51-alt2	5.10.81-alt1	ALT-PU-2020-2433-1	255241	Fixed
kernel-image-rpi-def	c9f2	5.4.51-alt2	5.4.61-alt1	ALT-PU-2020-2433-1	255241	Fixed
kernel-image-rpi-def	p11	5.4.51-alt1	5.15.92-alt2	ALT-PU-2020-2410-1	254998	Fixed
kernel-image-rt	sisyphus	5.10.35-alt1.rt39	6.1.92-alt1.rt32	ALT-PU-2021-1870-1	272532	Fixed
kernel-image-rt	p10	5.10.35-alt1.rt39	5.10.217-alt1.rt109	ALT-PU-2021-1870-1	272532	Fixed
kernel-image-rt	p11	5.10.35-alt1.rt39	6.1.90-alt2.rt30	ALT-PU-2021-1870-1	272532	Fixed
kernel-image-std-debug	sisyphus	4.19.95-alt1	6.1.92-alt1	ALT-PU-2020-1025-1	244120	Fixed
kernel-image-std-debug	c9f2	4.19.97-alt1	4.19.102-alt1	ALT-PU-2020-1070-1	244478	Fixed
kernel-image-std-debug	p11	4.19.95-alt1	6.1.91-alt1	ALT-PU-2020-1025-1	244120	Fixed
kernel-image-std-def	sisyphus	4.19.75-alt1	6.1.92-alt1	ALT-PU-2019-2764-1	237940	Fixed
kernel-image-std-def	p10	4.19.75-alt1	5.10.218-alt1	ALT-PU-2019-2764-1	237940	Fixed
kernel-image-std-def	p9	4.19.78-alt1	5.4.277-alt1	ALT-PU-2019-2890-1	238864	Fixed
kernel-image-std-def	p8	4.9.194-alt0.M80P.1	4.9.337-alt0.M80P.1	ALT-PU-2019-2797-1	237950	Fixed
kernel-image-std-def	c9f2	4.19.78-alt1	5.10.214-alt0.c9f.2	ALT-PU-2019-2890-1	238864	Fixed
kernel-image-std-def	c7	4.4.194-alt0.M70C.1	4.4.277-alt0.M70C.1	ALT-PU-2019-2779-1	237953	Fixed
kernel-image-std-def	p11	4.19.75-alt1	6.1.91-alt1	ALT-PU-2019-2764-1	237940	Fixed
kernel-image-un-def	sisyphus	5.2.17-alt1	6.6.32-alt1	ALT-PU-2019-2763-1	237944	Fixed
kernel-image-un-def	p10	5.2.17-alt1	6.1.90-alt1	ALT-PU-2019-2763-1	237944	Fixed
kernel-image-un-def	p9	5.2.17-alt1	5.10.218-alt1	ALT-PU-2019-2768-1	237945	Fixed
kernel-image-un-def	p8	4.19.75-alt0.M80P.1	4.19.310-alt0.M80P.1	ALT-PU-2019-2786-1	237946	Fixed
kernel-image-un-def	c10f1	5.2.17-alt1	6.1.85-alt0.c10f.1	ALT-PU-2019-2763-1	237944	Fixed
kernel-image-un-def	c9f2	5.2.17-alt1	5.10.29-alt2	ALT-PU-2019-2768-1	237945	Fixed
kernel-image-un-def	c7	4.9.277-alt0.M70C.1	4.9.277-alt0.M70C.1	ALT-PU-2021-3032-1	281292	Fixed
kernel-image-un-def	p11	5.2.17-alt1	6.6.31-alt1	ALT-PU-2019-2763-1	237944	Fixed
usbip	sisyphus	5.10-alt1	5.10-alt1	ALT-PU-2023-1798-1	320453	Fixed
usbip	p10	5.10-alt1	5.10-alt1	ALT-PU-2023-1903-1	320461	Fixed
usbip	p11	5.10-alt1	5.10-alt1	ALT-PU-2023-1798-1	320453	Fixed

References to Advisories, Solutions, and Tools

Hyperlink	Resource
https://www.openwall.com/lists/oss-security/2019/08/28/1	Exploit Mailing List Patch Third Party Advisory
https://github.com/torvalds/linux/commit/7caac62ed598a196d6ddf8d9c121e12e082cac3	Patch Third Party Advisory
[oss-security] 20190828 Linux kernel: three heap overflow in the marvell wifi driver	Exploit Mailing List Patch Third Party Advisory
https://access.redhat.com/security/cve/cve-2019-14816	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14816	Exploit Issue Tracking Patch Third Party Advisory
openSUSE-SU-2019:2173	Mailing List Third Party Advisory
openSUSE-SU-2019:2181	Mailing List Third Party Advisory
[debian-lts-announce] 20190925 [SECURITY] [DLA 1930-1] linux security update	Mailing List Third Party Advisory
USN-4157-1	Third Party Advisory
USN-4157-2	Third Party Advisory
USN-4162-1	Third Party Advisory
USN-4163-1	Third Party Advisory
USN-4163-2	Third Party Advisory
USN-4162-2	Third Party Advisory
http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html	Third Party Advisory VDB Entry
https://security.netapp.com/advisory/ntap-20191031-0005/	Third Party Advisory
20191108 [slackware-security] Slackware 14.2 kernel (SSA:2019-311-01)	Mailing List Patch Third Party Advisory
http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html	Third Party Advisory VDB Entry
RHSA-2020:0174	Third Party Advisory
RHSA-2020:0204	Third Party Advisory
RHSA-2020:0328	Third Party Advisory
RHSA-2020:0339	Third Party Advisory
RHSA-2020:0375	Third Party Advisory
RHSA-2020:0374	Third Party Advisory
[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update	Mailing List Third Party Advisory
RHSA-2020:0653	Third Party Advisory
RHSA-2020:0661	Third Party Advisory
RHSA-2020:0664	Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3RUDQJXRJQVGHCGR4YZWTQ3ECBI7TXH/	Issue Tracking Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4JZ6AEUKFWBHQAROGMQARJ274PQP2QP/	Issue Tracking Third Party Advisory

Affected configurations:
1. Configuration 1
  cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
  Start including
  4.20
  End excliding
  5.2.17
  cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
  Start including
  3.17
  End excliding
  4.4.194
  cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
  Start including
  4.5
  End excliding
  4.9.194
  cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
  Start including
  4.10
  End excliding
  4.14.146
  cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
  Start including
  4.15
  End excliding
  4.19.75
  cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
  Start including
  3.6
  End excliding
  3.16.74
  
  Configuration 2
  cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_for_real_time:7:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv:7:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux:6.4:*:*:*:*:*:*:*
  cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux:7.6:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_server:7.6:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:virtualization:4.2:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_tus:7.7:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:messaging_realtime_grid:2.0:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_server:8.0:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_for_real_time:8:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv_tus:8.4:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv_tus:8.2:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_for_real_time_tus:8.4:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_for_real_time_tus:8.2:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv:8:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_compute_node_eus:7.6:*:*:*:*:*:*:*
  cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.6_ppc64:*:*:*:*:*:*:*
  
  Configuration 3
  cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
  cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
  cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
  
  Configuration 4
  cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
  cpe:2.3:a:netapp:service_processor:-:*:*:*:*:*:*:*
  cpe:2.3:a:netapp:data_availability_services:-:*:*:*:*:*:*:*
  cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*
  cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*
  
  Configuration 5
  cpe:2.3:o:netapp:a700s_firmware:-:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:h:netapp:a700s:-:*:*:*:*:*:*:*
  
  Configuration 6
  cpe:2.3:o:netapp:a320_firmware:-:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:h:netapp:a320:-:*:*:*:*:*:*:*
  
  Configuration 7
  cpe:2.3:o:netapp:c190_firmware:-:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:h:netapp:c190:-:*:*:*:*:*:*:*
  
  Configuration 8
  cpe:2.3:o:netapp:a220_firmware:-:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:h:netapp:a220:-:*:*:*:*:*:*:*
  
  Configuration 9
  cpe:2.3:o:netapp:fas2720_firmware:-:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:h:netapp:fas2720:-:*:*:*:*:*:*:*
  
  Configuration 10
  cpe:2.3:o:netapp:fas2750_firmware:-:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:h:netapp:fas2750:-:*:*:*:*:*:*:*
  
  Configuration 11
  cpe:2.3:o:netapp:a800_firmware:-:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:h:netapp:a800:-:*:*:*:*:*:*:*
  
  Configuration 12
  cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*
  
  Configuration 13
  cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*
  
  Configuration 14
  cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*
  
  Configuration 15
  cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*
  
  Configuration 16
  cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*
  
  Configuration 17
  cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*
  
  Configuration 18
  cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*
  
  Configuration 19
  cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*
  
  Configuration 20
  cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:*
  
  Configuration 21
  cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
  cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*
  cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
  cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
  
  Configuration 22
  cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
  cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

Version: v24.5.3

Vulnerability CVE-2019-14816: Information

Description

Fixed packages

References to Advisories, Solutions, and Tools

Configuration 1

Configuration 2

Configuration 3

Configuration 4

Configuration 5

Configuration 6

Configuration 7

Configuration 8

Configuration 9

Configuration 10

Configuration 11

Configuration 12

Configuration 13

Configuration 14

Configuration 15

Configuration 16

Configuration 17

Configuration 18

Configuration 19

Configuration 20

Configuration 21

Configuration 22