CVE-2019-10126
📋 TL;DR
This CVE describes a heap-based buffer overflow vulnerability in the Linux kernel's mwifiex wireless driver. Attackers could exploit this to corrupt memory, potentially leading to denial of service, privilege escalation, or arbitrary code execution. Systems using affected Marvell wireless chipsets with vulnerable kernel versions are at risk.
💻 Affected Systems
- Linux kernel with mwifiex driver
📦 What is this software?
- Enterprise Linux For Real Time For Nfv by Redhat
- Enterprise Linux For Real Time For Nfv Tus by Redhat
- Enterprise Linux For Real Time Tus by Redhat
- Leap by Opensuse
- Linux Kernel by Linux
  The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
- Solidfire by Netapp
- Ubuntu Linux by Canonical
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise via remote code execution with kernel privileges, allowing complete control over the affected system.
Likely Case
System crash or denial of service through kernel panic, potentially requiring physical access to restart.
If Mitigated
Limited impact if wireless interfaces are disabled or systems are properly segmented from untrusted networks.
🎯 Exploit Status
Exploitation requires sending specially crafted wireless frames to vulnerable systems. Public exploit code exists in security advisories.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Varies by distribution - check specific kernel versions for your OS
Vendor Advisory: https://www.kernel.org/
Restart Required: Yes
Instructions:
1. Update the kernel package using your distribution's package manager.
2. For RHEL/CentOS: yum update kernel
3. For Ubuntu/Debian: apt update && apt upgrade linux-image-*
4. Reboot the system to load the new kernel.
🔧 Temporary Workarounds
Disable wireless interface
Linux: Temporarily disable the vulnerable wireless interface to prevent exploitation
sudo ip link set wlan0 down
sudo rfkill block wifi
Unload mwifiex driver
Linux: Remove the vulnerable kernel module from memory
sudo modprobe -r mwifiex
🧯 If You Can't Patch
- Segment wireless networks from critical systems using firewalls
- Implement strict wireless access controls and monitoring
🔍 How to Verify
Check if Vulnerable:
Check kernel version and if mwifiex module is loaded: uname -r && lsmod | grep mwifiex
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version is updated and matches patched version for your distribution
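An added example (not part of the advisory) that makes the module check above scriptable: it parses `lsmod`-format text, reports whether any mwifiex module is loaded, and prints `modprobe -r` commands with the bus front-ends before the core `mwifiex` module, which cannot be removed while they hold it. The function names and the sample `lsmod` text are constructed for illustration; pass `--live` to inspect the running host.

```shell
#!/bin/sh
# Added example: decide from lsmod-format text whether the mwifiex driver is
# loaded and in which order its modules can be removed.

# Print loaded mwifiex modules, bus front-ends first and the core module last.
# $1: lsmod-format text (columns: Module, Size, Used by).
mwifiex_unload_order() {
    printf '%s\n' "$1" | awk '
        $1 ~ /^mwifiex_/ { bus[++n] = $1 }   # e.g. mwifiex_pcie, mwifiex_sdio, mwifiex_usb
        $1 == "mwifiex"  { core = 1 }        # core module, held by the bus front-ends
        END {
            for (i = 1; i <= n; i++) print bus[i]
            if (core) print "mwifiex"
        }'
}

# Succeeds when at least one mwifiex module is loaded.
mwifiex_loaded() {
    [ -n "$(mwifiex_unload_order "$1")" ]
}

# Print one "modprobe -r" command per module, in a removable order.
mwifiex_unload_commands() {
    mwifiex_unload_order "$1" | while read -r mod; do
        printf 'modprobe -r %s\n' "$mod"
    done
}

# Constructed lsmod output for a host with a PCIe Marvell adapter.
SAMPLE_LSMOD='Module                  Size  Used by
mwifiex_pcie           36864  0
mwifiex               286720  1 mwifiex_pcie
cfg80211              622592  1 mwifiex
e1000e                245760  0'

# "--live" inspects the running system; otherwise the constructed sample is used.
if [ "${1:-}" = "--live" ]; then
    echo "kernel: $(uname -r)"
    if mwifiex_loaded "$(lsmod)"; then
        mwifiex_unload_commands "$(lsmod)"
    else
        echo "mwifiex not loaded"
    fi
else
    mwifiex_unload_commands "$SAMPLE_LSMOD"
fi
```
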
📡 Detection & Monitoring
Log Indicators:
- Kernel panic logs
- mwifiex driver crash messages in dmesg
- Unexpected wireless frame processing errors
Network Indicators:
- Unusual wireless frame patterns targeting mwifiex devices
- Malformed 802.11 management frames
SIEM Query:
source="kernel" AND ("mwifiex" OR "heap overflow" OR "buffer overflow")
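An added example (not part of the advisory) of the log indicators above as a filter: a bare match on "mwifiex" also hits the `Modules linked in:` line of any crash on a host with the driver loaded, so this version reports a crash only when a stack frame is annotated with an mwifiex module. The function name, the window size and the sample log lines (including the `example_*` symbols) are constructed.

```shell
#!/bin/sh
# Added example: report only kernel crash reports whose stack frames are
# inside mwifiex code, instead of any line that mentions the driver.

# $1: kernel log text; $2: lines to inspect after a crash marker (default 30).
# Prints each crash marker line that is followed by a "[mwifiex...]" frame.
mwifiex_crash_reports() {
    printf '%s\n' "$1" | awk -v window="${2:-30}" '
        /Kernel panic|BUG: |Oops: |general protection fault/ {
            marker = $0; left = window; reported = 0
        }
        left > 0 {
            left--
            if (/Modules linked in:/) next     # lists every loaded module, not the faulting one
            if (!reported && /\[mwifiex(_[a-z]+)?\]/) {
                print marker; reported = 1
            }
        }'
}

# Constructed kernel log: one crash in an unrelated driver on a host that has
# mwifiex loaded, then one crash with a frame inside the mwifiex module.
SAMPLE_LOG='[  101.000001] BUG: unable to handle kernel paging request at ffff8800deadbeef
[  101.000002] Modules linked in: mwifiex_pcie mwifiex cfg80211 e1000e
[  101.000003] Call Trace:
[  101.000004]  example_tx+0x10/0x40 [e1000e]
[  250.000001] BUG: KASAN: slab-out-of-bounds in example_parse+0x5c/0x120 [mwifiex]
[  250.000002] Modules linked in: mwifiex_pcie mwifiex cfg80211 e1000e
[  250.000003] Call Trace:
[  250.000004]  example_parse+0x5c/0x120 [mwifiex]'

# Stand-alone run: prints only the second crash marker.
mwifiex_crash_reports "$SAMPLE_LOG"
```
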
🔗 References
- http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00014.html
- http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00025.html
- http://packetstormsecurity.com/files/153702/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
- http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.html
- http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html
- http://www.securityfocus.com/bid/108817
- https://access.redhat.com/errata/RHSA-2019:3055
- https://access.redhat.com/errata/RHSA-2019:3076
- https://access.redhat.com/errata/RHSA-2019:3089
- https://access.redhat.com/errata/RHSA-2019:3309
- https://access.redhat.com/errata/RHSA-2019:3517
- https://access.redhat.com/errata/RHSA-2020:0174
- https://access.redhat.com/errata/RHSA-2020:0204
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10126
- https://lists.debian.org/debian-lts-announce/2019/06/msg00010.html
- https://lists.debian.org/debian-lts-announce/2019/06/msg00011.html
- https://seclists.org/bugtraq/2019/Jul/33
- https://seclists.org/bugtraq/2019/Jun/26
- https://security.netapp.com/advisory/ntap-20190710-0002/
- https://support.f5.com/csp/article/K95593121
- https://usn.ubuntu.com/4093-1/
- https://usn.ubuntu.com/4094-1/
- https://usn.ubuntu.com/4095-1/
- https://usn.ubuntu.com/4095-2/
- https://usn.ubuntu.com/4117-1/
- https://usn.ubuntu.com/4118-1/
- https://www.debian.org/security/2019/dsa-4465