CVE Vulnerabilities

CVE-2019-10126

Out-of-bounds Write

Published: Jun 14, 2019 | Modified: Oct 28, 2021
CVSS 3.x
9.8
CRITICAL
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
8 IMPORTANT
CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Ubuntu

A flaw was found in the Linux kernel. A heap based buffer overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c might lead to memory corruption and possibly other consequences.

Weakness

The software writes data past the end, or before the beginning, of the intended buffer.

Affected Software

Name Vendor Start Version End Version
Linux_kernel Linux - -
Red Hat Enterprise Linux 7 RedHat kernel-rt-0:3.10.0-1062.4.1.rt56.1027.el7 *
Red Hat Enterprise Linux 7 RedHat kernel-0:3.10.0-1062.4.1.el7 *
Red Hat Enterprise Linux 7 RedHat kpatch-patch *
Red Hat Enterprise Linux 7 RedHat kernel-alt-0:4.14.0-115.17.1.el7a *
Red Hat Enterprise Linux 7.6 Extended Update Support RedHat kernel-0:3.10.0-957.54.1.el7 *
Red Hat Enterprise Linux 8 RedHat kernel-rt-0:4.18.0-147.rt24.93.el8 *
Red Hat Enterprise Linux 8 RedHat kernel-0:4.18.0-147.el8 *
Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions RedHat kernel-0:4.18.0-80.15.1.el8_0 *
Linux Ubuntu bionic *
Linux Ubuntu cosmic *
Linux Ubuntu disco *
Linux Ubuntu esm-infra/xenial *
Linux Ubuntu precise/esm *
Linux Ubuntu trusty *
Linux Ubuntu trusty/esm *
Linux Ubuntu upstream *
Linux Ubuntu xenial *
Linux-aws Ubuntu bionic *
Linux-aws Ubuntu cosmic *
Linux-aws Ubuntu disco *
Linux-aws Ubuntu esm-infra/xenial *
Linux-aws Ubuntu trusty *
Linux-aws Ubuntu trusty/esm *
Linux-aws Ubuntu upstream *
Linux-aws Ubuntu xenial *
Linux-aws-5.0 Ubuntu upstream *
Linux-aws-hwe Ubuntu esm-infra/xenial *
Linux-aws-hwe Ubuntu upstream *
Linux-aws-hwe Ubuntu xenial *
Linux-azure Ubuntu trusty *
Linux-azure Ubuntu trusty/esm *
Linux-azure Ubuntu upstream *
Linux-azure-5.3 Ubuntu upstream *
Linux-azure-edge Ubuntu upstream *
Linux-euclid Ubuntu upstream *
Linux-euclid Ubuntu xenial *
Linux-flo Ubuntu trusty *
Linux-flo Ubuntu upstream *
Linux-flo Ubuntu xenial *
Linux-gcp Ubuntu bionic *
Linux-gcp Ubuntu cosmic *
Linux-gcp Ubuntu disco *
Linux-gcp Ubuntu esm-infra/xenial *
Linux-gcp Ubuntu upstream *
Linux-gcp Ubuntu xenial *
Linux-gcp-5.3 Ubuntu upstream *
Linux-gcp-edge Ubuntu bionic *
Linux-gcp-edge Ubuntu upstream *
Linux-gke Ubuntu upstream *
Linux-gke Ubuntu xenial *
Linux-gke-4.15 Ubuntu bionic *
Linux-gke-4.15 Ubuntu upstream *
Linux-gke-5.0 Ubuntu upstream *
Linux-goldfish Ubuntu trusty *
Linux-goldfish Ubuntu upstream *
Linux-goldfish Ubuntu xenial *
Linux-grouper Ubuntu trusty *
Linux-grouper Ubuntu upstream *
Linux-hwe Ubuntu bionic *
Linux-hwe Ubuntu esm-infra/xenial *
Linux-hwe Ubuntu upstream *
Linux-hwe Ubuntu xenial *
Linux-hwe-edge Ubuntu bionic *
Linux-hwe-edge Ubuntu esm-infra/xenial *
Linux-hwe-edge Ubuntu upstream *
Linux-hwe-edge Ubuntu xenial *
Linux-kvm Ubuntu upstream *
Linux-lts-trusty Ubuntu precise/esm *
Linux-lts-trusty Ubuntu upstream *
Linux-lts-utopic Ubuntu trusty *
Linux-lts-utopic Ubuntu upstream *
Linux-lts-vivid Ubuntu trusty *
Linux-lts-vivid Ubuntu upstream *
Linux-lts-wily Ubuntu trusty *
Linux-lts-wily Ubuntu upstream *
Linux-lts-xenial Ubuntu trusty *
Linux-lts-xenial Ubuntu trusty/esm *
Linux-lts-xenial Ubuntu upstream *
Linux-maguro Ubuntu trusty *
Linux-maguro Ubuntu upstream *
Linux-mako Ubuntu trusty *
Linux-mako Ubuntu upstream *
Linux-mako Ubuntu xenial *
Linux-manta Ubuntu trusty *
Linux-manta Ubuntu upstream *
Linux-oem Ubuntu bionic *
Linux-oem Ubuntu cosmic *
Linux-oem Ubuntu disco *
Linux-oem Ubuntu eoan *
Linux-oem Ubuntu upstream *
Linux-oem Ubuntu xenial *
Linux-oem-5.4 Ubuntu upstream *
Linux-oem-osp1 Ubuntu bionic *
Linux-oem-osp1 Ubuntu disco *
Linux-oem-osp1 Ubuntu eoan *
Linux-oem-osp1 Ubuntu upstream *
Linux-oracle Ubuntu bionic *
Linux-oracle Ubuntu cosmic *
Linux-oracle Ubuntu disco *
Linux-oracle Ubuntu esm-infra/xenial *
Linux-oracle Ubuntu upstream *
Linux-oracle Ubuntu xenial *
Linux-oracle-5.0 Ubuntu upstream *
Linux-raspi2 Ubuntu bionic *
Linux-raspi2 Ubuntu cosmic *
Linux-raspi2 Ubuntu disco *
Linux-raspi2 Ubuntu upstream *
Linux-raspi2 Ubuntu xenial *
Linux-raspi2-5.3 Ubuntu upstream *
Linux-snapdragon Ubuntu bionic *
Linux-snapdragon Ubuntu disco *
Linux-snapdragon Ubuntu upstream *
Linux-snapdragon Ubuntu xenial *

Potential Mitigations

  • Use a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.

  • For example, many languages that perform their own memory management, such as Java and Perl, are not subject to buffer overflows. Other languages, such as Ada and C#, typically provide overflow protection, but the protection can be disabled by the programmer.

  • Be wary that a language’s interface to native code may still be subject to overflows, even if the language itself is theoretically safe.

  • Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.

  • Examples include the Safe C String Library (SafeStr) by Messier and Viega [REF-57], and the Strsafe.h library from Microsoft [REF-56]. These libraries provide safer versions of overflow-prone string-handling functions.

  • Run or compile the software using features or extensions that automatically provide a protection mechanism that mitigates or eliminates buffer overflows.

  • For example, certain compilers and extensions provide automatic buffer overflow detection mechanisms that are built into the compiled code. Examples include the Microsoft Visual Studio /GS flag, Fedora/Red Hat FORTIFY_SOURCE GCC flag, StackGuard, and ProPolice.

  • Consider adhering to the following rules when allocating and managing an application’s memory:

  • Run or compile the software using features or extensions that randomly arrange the positions of a program’s executable and libraries in memory. Because this makes the addresses unpredictable, it can prevent an attacker from reliably jumping to exploitable code.

  • Examples include Address Space Layout Randomization (ASLR) [REF-58] [REF-60] and Position-Independent Executables (PIE) [REF-64].

References