CVE-2019-14815

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2019-14815
A vulnerability was found in Linux Kernel, where a Heap Overflow was found in mwifiex_set_wmm_params() function of Marvell Wifi Driver.

7.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.2 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
https://access.redhat.com/errata/RHSA-2020:0174 Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0328 Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0339 Third Party Advisory
https://access.redhat.com/security/cve/cve-2019-14815 Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14815 Issue Tracking Third Party Advisory
https://github.com/torvalds/linux/commit/7caac62ed598a196d6ddf8d9c121e12e082cac3a Issue Tracking Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html Mailing List Third Party Advisory
https://lore.kernel.org/linux-wireless/20190828020751.13625-1-huangwenabc%40gmail.com Issue Tracking Mailing List Patch Vendor Advisory
https://security.netapp.com/advisory/ntap-20200103-0001/ Mailing List Patch Third Party Advisory
https://www.openwall.com/lists/oss-security/2019/08/28/1 Mailing List Patch Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:redhat:codeready_linux_builder_eus:8.1:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_eus:8.2:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_eus:8.4:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_eus:8.6:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:8.1:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:8.2:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:8.4:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_\(structure_a\):7_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.1:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_real_time:8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv:8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv_tus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv_tus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv_tus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_real_time_tus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_real_time_tus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_real_time_tus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:a:netapp:altavault:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:hci:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:steelstore:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:baseboard_management_controller:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:solidfire_baseboard_management_controller_firmware:-:*:*:*:*:*:*:*
History

13 Jul 2023, 13:33

Type Values Removed Values Added
References (CONFIRM) https://security.netapp.com/advisory/ntap-20200103-0001/ - (CONFIRM) https://security.netapp.com/advisory/ntap-20200103-0001/ - Mailing List, Patch, Third Party Advisory
References (REDHAT) https://access.redhat.com/errata/RHSA-2020:0339 - (REDHAT) https://access.redhat.com/errata/RHSA-2020:0339 - Third Party Advisory
References (MISC) https://github.com/torvalds/linux/commit/7caac62ed598a196d6ddf8d9c121e12e082cac3a - (MISC) https://github.com/torvalds/linux/commit/7caac62ed598a196d6ddf8d9c121e12e082cac3a - Issue Tracking, Third Party Advisory
References (REDHAT) https://access.redhat.com/errata/RHSA-2020:0174 - (REDHAT) https://access.redhat.com/errata/RHSA-2020:0174 - Third Party Advisory
References (REDHAT) https://access.redhat.com/errata/RHSA-2020:0328 - (REDHAT) https://access.redhat.com/errata/RHSA-2020:0328 - Third Party Advisory
References (MISC) https://access.redhat.com/security/cve/cve-2019-14815 - (MISC) https://access.redhat.com/security/cve/cve-2019-14815 - Third Party Advisory
References (MLIST) https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html - (MLIST) https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html - Mailing List, Third Party Advisory
References (MISC) https://lore.kernel.org/linux-wireless/20190828020751.13625-1-huangwenabc%40gmail.com - (MISC) https://lore.kernel.org/linux-wireless/20190828020751.13625-1-huangwenabc%40gmail.com - Issue Tracking, Mailing List, Patch, Vendor Advisory
First Time Netapp solidfire
Netapp baseboard Management Controller
Netapp steelstore
Redhat enterprise Linux For Real Time For Nfv
Redhat enterprise Linux For Real Time For Nfv Tus
Netapp altavault
Redhat enterprise Linux Server Tus
Netapp
Redhat enterprise Linux For Real Time
Redhat enterprise Linux For Real Time Tus
Redhat enterprise Linux Server Aus
Redhat codeready Linux Builder Eus
Redhat enterprise Linux For Ibm Z Systems Eus
Redhat codeready Linux Builder For Power Little Endian Eus
Redhat enterprise Linux For Ibm Z Systems \(structure A\)
Netapp solidfire Baseboard Management Controller Firmware
Netapp hci
CPE cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_real_time_tus:8.6:*:*:*:*:*:*:*
cpe:2.3:a:netapp:hci:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_eus:8.4:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:8.1:*:*:*:*:*:*:*
cpe:2.3:h:netapp:baseboard_management_controller:-:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.1:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_eus:8.1:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_eus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_real_time:8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_real_time_tus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.6:*:*:*:*:*:*:*
cpe:2.3:a:netapp:altavault:-:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:netapp:solidfire_baseboard_management_controller_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv:8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_eus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv_tus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv_tus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*
cpe:2.3:a:netapp:steelstore:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv_tus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_\(structure_a\):7_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_real_time_tus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*
Information

Published : 2019-11-25 11:15

Updated : 2024-02-28 17:28

NVD link : CVE-2019-14815

Mitre link : CVE-2019-14815

CVE.ORG link : CVE-2019-14815

JSON object : View

Products Affected

redhat

  • enterprise_linux_for_real_time
  • enterprise_linux_for_real_time_for_nfv_tus
  • enterprise_linux
  • enterprise_linux_server_tus
  • enterprise_linux_for_real_time_for_nfv
  • codeready_linux_builder_for_power_little_endian_eus
  • enterprise_linux_for_real_time_tus
  • enterprise_linux_for_ibm_z_systems_eus
  • enterprise_linux_server_aus
  • codeready_linux_builder_eus
  • enterprise_linux_for_ibm_z_systems_\(structure_a\)

netapp

  • solidfire
  • altavault
  • steelstore
  • solidfire_baseboard_management_controller_firmware
  • baseboard_management_controller
  • hci

linux

  • linux_kernel
CWE
CWE-122

Heap-based Buffer Overflow

CWE-787

Out-of-bounds Write