First published: Wed May 22 2019(Updated: )
A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network.
Credit: secalert@redhat.com secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/kernel-rt | <0:3.10.0-1062.4.1.rt56.1027.el7 | 0:3.10.0-1062.4.1.rt56.1027.el7 |
redhat/kernel | <0:3.10.0-1062.4.1.el7 | 0:3.10.0-1062.4.1.el7 |
redhat/kernel-alt | <0:4.14.0-115.17.1.el7a | 0:4.14.0-115.17.1.el7a |
redhat/kernel | <0:3.10.0-957.54.1.el7 | 0:3.10.0-957.54.1.el7 |
redhat/kernel-rt | <0:4.18.0-80.11.1.rt9.156.el8_0 | 0:4.18.0-80.11.1.rt9.156.el8_0 |
redhat/kernel | <0:4.18.0-80.11.1.el8_0 | 0:4.18.0-80.11.1.el8_0 |
Linux Linux kernel | >=3.0<3.16.70 | |
Linux Linux kernel | >=3.17<4.4.186 | |
Linux Linux kernel | >=4.5<4.9.186 | |
Linux Linux kernel | >=4.10<4.14.134 | |
Linux Linux kernel | >=4.15<4.19.59 | |
Linux Linux kernel | >=4.20<5.1.18 | |
Redhat Enterprise Linux | =6.0 | |
Redhat Enterprise Linux | =7.0 | |
Redhat Enterprise Linux | =8.0 | |
Canonical Ubuntu Linux | =14.04 | |
Canonical Ubuntu Linux | =16.04 | |
Canonical Ubuntu Linux | =18.04 | |
Canonical Ubuntu Linux | =19.04 | |
Netapp A700s Firmware | ||
Netapp A700s | ||
Netapp Cn1610 Firmware | ||
Netapp Cn1610 | ||
Netapp H610s Firmware | ||
Netapp H610s | ||
Netapp Active Iq Unified Manager For Vmware Vsphere | >=9.5 | |
Netapp Hci Management Node | ||
Netapp Solidfire | ||
Fedoraproject Fedora | =29 | |
Fedoraproject Fedora | =30 | |
Debian Debian Linux | =8.0 | |
Debian Debian Linux | =9.0 | |
openSUSE Leap | =15.0 | |
openSUSE Leap | =15.1 | |
openSUSE Leap | =42.3 | |
All of | ||
Netapp A700s Firmware | ||
Netapp A700s | ||
All of | ||
Netapp Cn1610 Firmware | ||
Netapp Cn1610 | ||
All of | ||
Netapp H610s Firmware | ||
Netapp H610s | ||
debian/linux | 5.10.223-1 5.10.226-1 6.1.115-1 6.1.119-1 6.11.10-1 6.12.5-1 |
This flaw requires a system with marvell wifi network card to be attempting to connect to a attacker controlled wifi network. A temporary mitigation may be to only connect to known-good networks via wifi, or connect to a network via ethernet. Alternatively if wireless networking is not used the mwifiex kernel module can be blacklisted to prevent misuse of the vulnerable code.
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Appears in the following advisories)