An issue was found in the Linux kernel before 5.5.4. The mwifiex_cmd_append_vsie_tlv() function in drivers/net/wireless/marvell/mwifiex/scan.c allows local users to gain privileges or cause a denial of service because of an incorrect memcpy and buffer overflow, aka CID-b70261a288ea.
References
Link | Resource |
---|---|
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html | Mailing List Third Party Advisory |
http://www.openwall.com/lists/oss-security/2020/05/08/2 | Mailing List Third Party Advisory |
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.4 | Release Notes Vendor Advisory |
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b70261a288ea4d2f4ac7cd04be08a9f0f2de4f4d | Patch Vendor Advisory |
https://github.com/torvalds/linux/commit/b70261a288ea4d2f4ac7cd04be08a9f0f2de4f4d | Patch Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html | Mailing List Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html | Mailing List Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html | Mailing List Third Party Advisory |
https://security.netapp.com/advisory/ntap-20200608-0001/ | Third Party Advisory |
https://www.debian.org/security/2020/dsa-4698 | Third Party Advisory |
History
26 Apr 2022, 17:37
Type | Values Removed | Values Added |
---|---|---|
References | (MLIST) http://www.openwall.com/lists/oss-security/2020/05/08/2 - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html - Mailing List, Third Party Advisory | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html - Mailing List, Third Party Advisory | |
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20200608-0001/ - Third Party Advisory | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html - Mailing List, Third Party Advisory | |
References | (DEBIAN) https://www.debian.org/security/2020/dsa-4698 - Third Party Advisory | |
CPE | cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h615c_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h610c_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:a700s:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:* cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:* cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:a700s_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:* cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h610c:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h615c:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:hci_compute_node_firmware:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:* |
First Time | Netapp hci Compute Node Firmware, Netapp h410c, Netapp h700s, Netapp, Netapp h500e Firmware, Netapp h300e Firmware, Netapp h500s Firmware, Netapp h300s Firmware, Netapp h500e, Netapp h700e, Opensuse, Netapp hci Compute Node, Netapp a700s, Netapp hci Management Node, Netapp h300e, Debian debian Linux, Netapp h410s, Netapp h610c Firmware, Netapp h410s Firmware, Netapp h410c Firmware, Netapp a700s Firmware, Netapp h610s, Netapp h700e Firmware, Netapp cloud Backup, Netapp h615c Firmware, Netapp h700s Firmware, Netapp active Iq Unified Manager, Debian, Netapp h615c, Netapp element Software, Opensuse leap, Netapp steelstore Cloud Integrated Storage, Netapp h610s Firmware, Netapp h500s, Netapp h610c, Netapp solidfire, Netapp h300s |
CWE | CWE-787 |
Information
Published : 2020-05-05 06:15
Updated : 2023-12-10 13:27
NVD link : CVE-2020-12653
Mitre link : CVE-2020-12653
CVE.ORG link : CVE-2020-12653
Products Affected
netapp
- h700s_firmware
- solidfire
- h610c_firmware
- h410s
- h615c_firmware
- h500e_firmware
- cloud_backup
- steelstore_cloud_integrated_storage
- h500e
- h615c
- a700s
- h700e_firmware
- h300s
- hci_compute_node_firmware
- h700s
- h610c
- h610s_firmware
- element_software
- h300e
- hci_compute_node
- h700e
- h410s_firmware
- h500s
- h300s_firmware
- a700s_firmware
- h410c
- active_iq_unified_manager
- hci_management_node
- h500s_firmware
- h300e_firmware
- h610s
- h410c_firmware
opensuse
- leap
debian
- debian_linux
linux
- linux_kernel
CWE
CWE-787
Out-of-bounds Write