CVE-2019-14901

NameCVE-2019-14901
DescriptionA heap overflow flaw was found in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The vulnerability allows a remote attacker to cause a system crash, resulting in a denial of service, or execute arbitrary code. The highest threat with this vulnerability is with the availability of the system. If code execution occurs, the code will run with the permissions of root. This will affect both confidentiality and integrity of files on the system.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
linux (PTS)jessie3.16.56-1+deb8u1vulnerable
jessie (security)3.16.76-1vulnerable
stretch4.9.189-3vulnerable
stretch (security)4.9.189-3+deb9u2vulnerable
buster4.19.67-2+deb10u1vulnerable
buster (security)4.19.67-2+deb10u2vulnerable
bullseye5.3.9-3vulnerable
sid5.3.15-1vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
linuxsource(unstable)(unfixed)

Notes

https://www.openwall.com/lists/oss-security/2019/11/22/2

Search for package or bug name: Reporting problems