CVE-2019-14814
CVE-2019-14814
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 5.5EPSS 0.9%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado
Lifecycle
20 Sep 2019Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
There is heap-based buffer overflow in Linux kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code.
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected products
Linux · kernelWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.htmlhttp://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.htmlhttp://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.htmlhttp://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.htmlhttps://access.redhat.com/errata/RHSA-2020:0174https://access.redhat.com/errata/RHSA-2020:0328https://access.redhat.com/errata/RHSA-2020:0339https://access.redhat.com/security/cve/cve-2019-14814https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14814https://github.com/torvalds/linux/commit/7caac62ed598a196d6ddf8d9c121e12e082cac3ahttps://lists.debian.org/debian-lts-announce/2019/09/msg00025.htmlhttps://lists.debian.org/debian-lts-announce/2020/03/msg00001.html