CVE-2019-14816: Buffer Overflow

Published Aug 21, 2019
·
Updated

A vulnerability was found in the Linux kernel's Marvell WiFi chip driver. Where, while parsing vendor-specific informational attributes, an attacker on the same WiFi physical network segment could cause a system crash, resulting in a denial of service, or potentially execute arbitrary code. This flaw affects the network interface at the most basic level meaning the attacker only needs to affiliate with the same network device as the vulnerable system to create an attack path.

Other sources

Linux Kernel is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by mwifiexupdatevsie() function of Marvell Wifi Driver. By sending a specially-crafted packet, a local attacker could overflow a buffer and execute arbitrary code on the system or cause the system to crash.

IBM

There is heap-based buffer overflow in kernel, all versions up to, exc ...

Debian

There is heap-based buffer overflow in marvell wifi chip driver in Linux kernel while parsing vendor specific infomormational attributes allows an attacker on the same wifi physical network segment to cause a denial of service(system crash) or possibly execute arbitrary code.

Red Hat

Affected Software

130 affected componentsFixes available
redhat/kernel-rt<0:3.10.0-1062.12.1.rt56.1042.el7
0:3.10.0-1062.12.1.rt56.1042.el7
redhat/kernel-alt<0:4.14.0-115.17.1.el7a
0:4.14.0-115.17.1.el7a
redhat/kernel<0:3.10.0-1062.12.1.el7
0:3.10.0-1062.12.1.el7
redhat/kernel<0:3.10.0-327.85.1.el7
0:3.10.0-327.85.1.el7
redhat/kernel<0:3.10.0-514.73.1.el7
0:3.10.0-514.73.1.el7
redhat/kernel<0:3.10.0-693.65.1.el7
0:3.10.0-693.65.1.el7
redhat/kernel<0:3.10.0-862.51.1.el7
0:3.10.0-862.51.1.el7
redhat/kernel<0:3.10.0-957.46.1.el7
0:3.10.0-957.46.1.el7
redhat/kernel-rt<0:4.18.0-147.5.1.rt24.98.el8_1
0:4.18.0-147.5.1.rt24.98.el8_1
redhat/kernel<0:4.18.0-147.5.1.el8_1
0:4.18.0-147.5.1.el8_1
redhat/kernel<0:4.18.0-80.15.1.el8_0
0:4.18.0-80.15.1.el8_0
redhat/kernel-rt<1:3.10.0-693.65.1.rt56.663.el6
1:3.10.0-693.65.1.rt56.663.el6
IBM Data Risk Manager<=2.0.6
Linux Linux kernel>=3.6<3.16.74
Linux Linux kernel>=3.17<4.4.194
Linux Linux kernel>=4.5<4.9.194
Linux Linux kernel>=4.10<4.14.146
Linux Linux kernel>=4.15<4.19.75
Linux Linux kernel>=4.20<5.2.17
redhat Virtualization=4.0
redhat Enterprise Linux=5.0
redhat Enterprise Linux=6.0
redhat Enterprise Linux=6.4
redhat Enterprise Linux=7.0
redhat Enterprise Linux=7.6
redhat Enterprise Linux=8.0
redhat Enterprise Linux Compute Node Eus=7.6
redhat Enterprise Linux Eus=7.6
redhat Enterprise Linux Eus=7.7
redhat Enterprise Linux Eus=8.1
redhat Enterprise Linux Eus=8.2
redhat Enterprise Linux Eus=8.4
redhat Enterprise Linux For Power Big Endian Eus=7.6_ppc64
redhat Enterprise Linux For Real Time=7
redhat Enterprise Linux For Real Time=8
redhat Enterprise Linux For Real Time For Nfv=7
redhat Enterprise Linux For Real Time For Nfv=8
redhat Enterprise Linux For Real Time For Nfv Tus=8.2
redhat Enterprise Linux For Real Time For Nfv Tus=8.4
redhat Enterprise Linux For Real Time Tus=8.2
redhat Enterprise Linux For Real Time Tus=8.4
redhat Enterprise Linux Server=7.6
redhat Enterprise Linux Server=8.0
redhat Enterprise Linux Server Aus=7.2
redhat Enterprise Linux Server Aus=7.3
redhat Enterprise Linux Server Aus=7.6
redhat Enterprise Linux Server Aus=8.2
redhat Enterprise Linux Server Aus=8.4
redhat Enterprise Linux Server Tus=7.3
redhat Enterprise Linux Server Tus=7.6
redhat Enterprise Linux Server Tus=8.2
redhat Enterprise Linux Server Tus=8.4
redhat Enterprise Linux Tus=7.7
redhat Messaging Realtime Grid=2.0
redhat Virtualization=4.2
Debian Debian Linux=8.0
Fedoraproject Fedora=29
Fedoraproject Fedora=30
NetApp Data Availability Services
NetApp Hci Management Node
NetApp Service Processor
NetApp Solidfire
NetApp Steelstore Cloud Integrated Storage
All of the following
NetApp A700s Firmware
NetApp A700s
All of the following
NetApp A320 Firmware
NetApp A320
All of the following
NetApp C190 Firmware
NetApp C190
All of the following
NetApp A220 Firmware
NetApp A220
All of the following
NetApp Fas2720 Firmware
NetApp Fas2720
All of the following
NetApp Fas2750 Firmware
NetApp Fas2750
All of the following
NetApp A800 Firmware
NetApp A800
All of the following
NetApp H300s Firmware
NetApp H300s
All of the following
NetApp H500s Firmware
NetApp H500s
All of the following
NetApp H700s Firmware
NetApp H700s
All of the following
NetApp H300e Firmware
NetApp H300e
All of the following
NetApp H500e Firmware
NetApp H500e
All of the following
NetApp H700e Firmware
NetApp H700e
All of the following
NetApp H410s Firmware
NetApp H410s
All of the following
NetApp H610s Firmware
NetApp H610s
Canonical Ubuntu Linux=14.04
Canonical Ubuntu Linux=16.04
Canonical Ubuntu Linux=18.04
Canonical Ubuntu Linux=19.04
openSUSE Leap=15.0
openSUSE Leap=15.1
NetApp A700s Firmware
NetApp A700s
NetApp A320 Firmware
NetApp A320
NetApp C190 Firmware
NetApp C190
NetApp A220 Firmware
NetApp A220
NetApp Fas2720 Firmware
NetApp Fas2720
NetApp Fas2750 Firmware
NetApp Fas2750
NetApp A800 Firmware
NetApp A800
NetApp H300s Firmware
NetApp H300s
NetApp H500s Firmware
NetApp H500s
NetApp H700s Firmware
NetApp H700s
NetApp H300e Firmware
NetApp H300e
NetApp H500e Firmware
NetApp H500e
NetApp H700e Firmware
NetApp H700e
NetApp H410s Firmware
NetApp H410s
NetApp H610s Firmware
NetApp H610s
debian/linux
5.10.223-15.10.251-16.1.159-16.1.164-16.12.73-16.12.74-26.19.13-16.19.14-1

Remediation

Information

At this time there is no mitigation to the flaw, if you are able to disable wireless and your system is able to work this will be a temporary mitigation until a kernel update is available for installation.

Patch Available

http://www.openwall.com/lists/oss-security/2019/08/28/1

Patch Available

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14816

Patch Available

https://github.com/torvalds/linux/commit/7caac62ed598a196d6ddf8d9c121e12e082cac3

Patch Available

https://seclists.org/bugtraq/2019/Nov/11

Patch Available

https://www.openwall.com/lists/oss-security/2019/08/28/1

Event History

Aug 21, 2019
Data Sourced
via Red Hat·12:54 PM
DescriptionSeverityAffected Software
Aug 28, 2019
CVE Published
10:00 AM
Sep 20, 2019
CVE Published
via MITRE·06:25 PM
Data Sourced
via MITRE·06:25 PM
DescriptionSeverityWeakness
Jan 11, 2024
Data Sourced
via Launchpad·11:19 PM
Description
Mar 19, 2026
Data Sourced
via Ubuntu·04:31 PM
RemedyDescriptionSeverityAffected Software
Apr 28, 2026
Data Sourced
via Debian·05:03 PM
DescriptionAffected Software

Parent advisories

This vulnerability appears in the following advisories.

Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203