CVE-2020-12653: Buffer Overflow
First published: Mon Jan 27 2020(Updated: )
An issue was found in Linux kernel before 5.5.4. The mwifiex_cmd_append_vsie_tlv() function in drivers/net/wireless/marvell/mwifiex/scan.c allows local users to gain privileges or cause a denial of service because of an incorrect memcpy and buffer overflow, aka CID-b70261a288ea.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/kernel-rt | <0:3.10.0-1127.18.2.rt56.1116.el7 | 0:3.10.0-1127.18.2.rt56.1116.el7 |
| redhat/kernel | <0:3.10.0-1127.18.2.el7 | 0:3.10.0-1127.18.2.el7 |
| redhat/kernel | <0:3.10.0-327.90.2.el7 | 0:3.10.0-327.90.2.el7 |
| redhat/kernel | <0:3.10.0-514.78.1.el7 | 0:3.10.0-514.78.1.el7 |
| redhat/kernel | <0:3.10.0-693.72.1.el7 | 0:3.10.0-693.72.1.el7 |
| redhat/kernel | <0:3.10.0-957.58.2.el7 | 0:3.10.0-957.58.2.el7 |
| redhat/kernel | <0:3.10.0-1062.31.2.el7 | 0:3.10.0-1062.31.2.el7 |
| redhat/kernel-rt | <0:4.18.0-193.13.2.rt13.65.el8_2 | 0:4.18.0-193.13.2.rt13.65.el8_2 |
| redhat/kernel | <0:4.18.0-193.13.2.el8_2 | 0:4.18.0-193.13.2.el8_2 |
| redhat/kernel | <0:4.18.0-80.27.1.el8_0 | 0:4.18.0-80.27.1.el8_0 |
| redhat/kernel | <0:4.18.0-147.24.2.el8_1 | 0:4.18.0-147.24.2.el8_1 |
| redhat/kernel-rt | <1:3.10.0-693.72.1.rt56.672.el6 | 1:3.10.0-693.72.1.rt56.672.el6 |
| debian/linux | 4.19.249-2 4.19.289-2 5.10.197-1 5.10.191-1 6.1.66-1 6.1.69-1 6.5.13-1 6.6.9-1 | |
| Linux Linux kernel | <5.5.4 | |
| openSUSE Leap | =15.1 | |
| Debian Debian Linux | =8.0 | |
| Debian Debian Linux | =9.0 | |
| Netapp Active Iq Unified Manager Vmware Vsphere | ||
| Netapp Cloud Backup | ||
| Netapp Element Software | ||
| Netapp Hci Management Node | ||
| Netapp Solidfire | ||
| Netapp Steelstore Cloud Integrated Storage | ||
| Netapp Hci Compute Node Firmware | ||
| Netapp Hci Compute Node | ||
| Netapp A700s Firmware | ||
| Netapp A700s | ||
| Netapp H300s Firmware | ||
| Netapp H300s | ||
| Netapp H500s Firmware | ||
| Netapp H500s | ||
| Netapp H700s Firmware | ||
| Netapp H700s | ||
| Netapp H300e Firmware | ||
| Netapp H300e | ||
| Netapp H500e Firmware | ||
| Netapp H500e | ||
| Netapp H700e Firmware | ||
| Netapp H700e | ||
| Netapp H410s Firmware | ||
| Netapp H410s | ||
| Netapp H410c Firmware | ||
| Netapp H410c | ||
| Netapp H610c Firmware | ||
| Netapp H610c | ||
| Netapp H610s Firmware | ||
| Netapp H610s | ||
| Netapp H615c Firmware | ||
| Netapp H615c |
Remedy
In order to mitigate this issue it is possible to prevent the affected code from being loaded by blacklisting the kernel module mwifiex. For instructions relating to how to blacklist a kernel module refer to: https://access.redhat.com/solutions/41278
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html
- http://www.openwall.com/lists/oss-security/2020/05/08/2
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.4
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b70261a288ea4d2f4ac7cd04be08a9f0f2de4f4d
- https://github.com/torvalds/linux/commit/b70261a288ea4d2f4ac7cd04be08a9f0f2de4f4d
- https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html
- https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html
- https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html
- https://security.netapp.com/advisory/ntap-20200608-0001/
- https://www.debian.org/security/2020/dsa-4698
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1831870
- https://access.redhat.com/solutions/41278
- https://access.redhat.com/errata/RHSA-2020:2832
- https://access.redhat.com/security/cve/cve-2020-12653
- https://access.redhat.com/errata/RHSA-2020:3010
- https://access.redhat.com/errata/RHSA-2020:3016
- https://access.redhat.com/errata/RHSA-2020:3041
- https://access.redhat.com/errata/RHSA-2020:3220
- https://access.redhat.com/errata/RHSA-2020:3221
- https://access.redhat.com/errata/RHSA-2020:3222
- https://access.redhat.com/errata/RHSA-2020:3224
- https://access.redhat.com/errata/RHSA-2020:3226
- https://access.redhat.com/errata/RHSA-2020:3232
- https://access.redhat.com/errata/RHSA-2020:3389
- https://access.redhat.com/errata/RHSA-2020:3432
- https://bugzilla.redhat.com/show_bug.cgi?id=1831868
- https://www.cve.org/CVERecord?id=CVE-2020-12653 https://nvd.nist.gov/vuln/detail/CVE-2020-12653
- https://git.kernel.org/linus/b70261a288ea4d2f4ac7cd04be08a9f0f2de4f4d
- https://security-tracker.debian.org/tracker/CVE-2020-12653
Parent vulnerabilities
(Appears in the following advisories)
Frequently Asked Questions
What is CVE-2020-12653?
CVE-2020-12653 is a vulnerability in the Linux kernel that allows local users to gain privileges or cause a denial of service.
What is the severity of CVE-2020-12653?
CVE-2020-12653 has a severity rating of 7.8 (high).
How does CVE-2020-12653 affect Linux kernel?
CVE-2020-12653 affects the mwifiex_cmd_append_vsie_tlv() function in the Linux kernel's Marvell WiFi-Ex driver, causing a buffer overflow.
How can local users exploit CVE-2020-12653?
Local users can exploit CVE-2020-12653 by triggering a buffer overflow through an incorrect memcpy operation.
Where can I find more information about CVE-2020-12653?
You can find more information about CVE-2020-12653 on the official Git repository and the Debian security tracker.
- collector/redhat-cve
- collector/security-tracker-debian
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2020-12653
- agent/remedy
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/description
- agent/event
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- package-manager/redhat
- package-manager/debian
- vendor/linux
- canonical/linux linux kernel
- vendor/opensuse
- canonical/opensuse leap
- version/opensuse leap/15.1
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/8.0
- version/debian debian linux/9.0
- vendor/netapp
- canonical/netapp active iq unified manager vmware vsphere
- canonical/netapp cloud backup
- canonical/netapp element software
- canonical/netapp hci management node
- canonical/netapp solidfire
- canonical/netapp steelstore cloud integrated storage
- canonical/netapp hci compute node firmware
- canonical/netapp hci compute node
- canonical/netapp a700s firmware
- canonical/netapp a700s
- canonical/netapp h300s firmware
- canonical/netapp h300s
- canonical/netapp h500s firmware
- canonical/netapp h500s
- canonical/netapp h700s firmware
- canonical/netapp h700s
- canonical/netapp h300e firmware
- canonical/netapp h300e
- canonical/netapp h500e firmware
- canonical/netapp h500e
- canonical/netapp h700e firmware
- canonical/netapp h700e
- canonical/netapp h410s firmware
- canonical/netapp h410s
- canonical/netapp h410c firmware
- canonical/netapp h410c
- canonical/netapp h610c firmware
- canonical/netapp h610c
- canonical/netapp h610s firmware
- canonical/netapp h610s
- canonical/netapp h615c firmware
- canonical/netapp h615c