First published: Mon Dec 30 2019
A flaw was found in the Linux kernel's mwifiex driver implementation when connecting to other WiFi devices in "Test Mode." A kernel memory leak can occur if an error condition is met during the parameter negotiation. This issue can lead to a denial of service if the error condition is met repeatedly over multiple connection attempts.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/kernel-rt | <0:3.10.0-1160.rt56.1131.el7 | 0:3.10.0-1160.rt56.1131.el7 |
redhat/kernel-alt | <0:4.14.0-115.19.1.el7a | 0:4.14.0-115.19.1.el7a |
redhat/kernel | <0:3.10.0-1160.el7 | 0:3.10.0-1160.el7 |
Linux Linux kernel | <5.1.6 | |
openSUSE Leap | =15.1 | |
Netapp Active Iq Unified Manager Vmware Vsphere | ||
Netapp Cloud Backup | ||
Netapp Data Availability Services | ||
NetApp E-Series SANtricity OS Controller | >=11.0.0<=11.70.1 | |
Netapp Hci Management Node | ||
Netapp Solidfire | ||
Netapp Steelstore Cloud Integrated Storage | ||
Netapp A700s Firmware | ||
Netapp A700s | ||
Netapp 8300 Firmware | ||
Netapp 8300 | ||
Netapp 8700 Firmware | ||
Netapp 8700 | ||
Netapp A400 Firmware | ||
Netapp A400 | ||
Netapp H610s Firmware | ||
Netapp H610s | ||
Because connecting to a wireless device is not automatic and must be initiated by a user, not connecting to rogue access points would prevent this flaw from being abused.
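A host-side check to go with the table and mitigation above, as an added example that is not part of the advisory or any vendor tooling: it flags a host only when an mwifiex module is loaded and the kernel release sorts below the fixed version listed in the table. Assumptions: `sort -V` only approximates RPM ordering, the upstream comparison ignores distribution backports, and the function names, result labels and sample inputs are constructed here.

```shell
#!/bin/sh
# Added triage sketch for CVE-2019-20095; fixed versions come from the table above.

# ver_lt A B: true when A sorts strictly before B under `sort -V`
# (an approximation of RPM ordering, not rpm's own comparison).
ver_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# fixed_for RELEASE: print "<release without arch/flavour> <first fixed version>".
fixed_for() {
    case "$1" in
        *.rt*.el7*) echo "${1%%.el7*}.el7 3.10.0-1160.rt56.1131.el7" ;;  # redhat/kernel-rt
        *.el7a*)    echo "${1%%.el7a*}.el7a 4.14.0-115.19.1.el7a" ;;     # redhat/kernel-alt
        *.el7*)     echo "${1%%.el7*}.el7 3.10.0-1160.el7" ;;            # redhat/kernel
        *)          echo "${1%%-*} 5.1.6" ;;   # upstream; ignores distro backports
    esac
}

# triage RELEASE LSMOD_TEXT: classify a host from `uname -r` and `lsmod` output.
triage() {
    if ! printf '%s\n' "$2" | grep -q '^mwifiex'; then
        echo "not-exposed"   # no mwifiex module loaded
        return 0
    fi
    set -- $(fixed_for "$1")   # now $1 = trimmed release, $2 = fixed version
    if ver_lt "$1" "$2"; then echo "below-fix"; else echo "fixed"; fi
}

# Constructed sample inputs (not captured from a real host).
MODS='Module                  Size  Used by
mwifiex_pcie           45056  0
mwifiex               290816  1 mwifiex_pcie'
triage "3.10.0-1127.el7.x86_64" "$MODS"          # below-fix
triage "5.4.0-42-generic" "$MODS"                # fixed
triage "4.19.0-6-amd64" "Module Size Used by"    # not-exposed
# On a live host: triage "$(uname -r)" "$(lsmod)"
```

A `below-fix` result on a kernel from a distribution not listed in the table still needs to be checked against that vendor's advisory, since the fix may have been backported.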
The vulnerability ID is CVE-2019-20095.
The severity level of CVE-2019-20095 is medium (5.2).
The affected software versions include Linux kernel versions before 5.1.6, redhat/kernel-rt versions before 0:3.10.0-1160.rt56.1131.el7, redhat/kernel-alt versions before 0:4.14.0-115.19.1.el7a, redhat/kernel versions before 0:3.10.0-1160.el7, and openSUSE Leap version 15.1.
To fix CVE-2019-20095, update your software to a version that is not vulnerable.
You can find more information about CVE-2019-20095 at the following references: [Link 1](https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=003b686ace820ce2d635a83f10f2d7f9c147dabc), [Link 2](https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1791955), [Link 3](https://access.redhat.com/errata/RHSA-2020:1493).