CVE-2019-14895
📋 TL;DR
A heap-based buffer overflow vulnerability in Marvell WiFi chip drivers in Linux kernel versions 3.x.x and 4.x.x before 4.18.0 allows remote attackers to potentially execute arbitrary code or cause denial of service (system crash) during connection negotiation. This affects all Linux systems using vulnerable Marvell WiFi hardware with the affected kernel versions. The vulnerability is remotely exploitable without authentication.
💻 Affected Systems
- Linux kernel with Marvell WiFi chip drivers
📦 What is this software?
Fedora by Fedoraproject
Fedora by Fedoraproject
Leap by Opensuse
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Ubuntu Linux by Canonical
Ubuntu Linux by Canonical
Ubuntu Linux by Canonical
Ubuntu Linux by Canonical
Ubuntu Linux by Canonical
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution with kernel privileges leading to complete system compromise, data theft, or persistent backdoor installation.
Likely Case
Denial of service (system crash/kernel panic) disrupting operations and requiring physical or remote console access to reboot.
If Mitigated
If WiFi is disabled or vulnerable drivers aren't loaded, no impact. With proper network segmentation, impact is limited to WiFi network segment.
🎯 Exploit Status
Exploit requires WiFi proximity or network access. Public exploit code exists in security advisories. Kernel heap exploitation requires specific timing and memory layout.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Linux kernel 4.18.0 and later
Vendor Advisory: https://access.redhat.com/errata/RHSA-2020:0328
Restart Required: Yes
Instructions:
1. Update kernel to version 4.18.0 or later. 2. For older distributions, apply backported patches from your vendor. 3. Reboot system to load patched kernel.
🔧 Temporary Workarounds
Disable Marvell WiFi driver
linuxPrevent loading of vulnerable driver module
echo 'blacklist mwifiex' >> /etc/modprobe.d/blacklist.conf
rmmod mwifiex
Disable WiFi interface
linuxTurn off WiFi to prevent remote exploitation
ip link set wlan0 down
nmcli radio wifi off
🧯 If You Can't Patch
- Segment WiFi network from critical systems using VLANs or firewalls
- Implement strict WiFi access controls and monitor for suspicious connection attempts
🔍 How to Verify
Check if Vulnerable:
Check kernel version: uname -r. If version is between 3.0.0 and 4.17.x, check if Marvell driver is loaded: lsmod | grep mwifiexCheck Version:
uname -rVerify Fix Applied:
Verify kernel version is 4.18.0 or later: uname -r. Confirm Marvell driver version is patched or not loaded.📡 Detection & Monitoring
Log Indicators:
- Kernel panic logs
- System crash/reboot events
- WiFi driver error messages in dmesg
Network Indicators:
- Unusual WiFi connection attempts to Marvell chips
- Malformed WiFi negotiation packets
SIEM Query:
source="kernel" AND ("panic" OR "Oops" OR "mwifiex")🔗 References
- http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html
- http://packetstormsecurity.com/files/155879/Kernel-Live-Patch-Security-Notice-LSN-0061-1.html
- http://packetstormsecurity.com/files/156185/Kernel-Live-Patch-Security-Notice-LSN-0062-1.html
- https://access.redhat.com/errata/RHSA-2020:0328
- https://access.redhat.com/errata/RHSA-2020:0339
- https://access.redhat.com/errata/RHSA-2020:0374
- https://access.redhat.com/errata/RHSA-2020:0375
- https://access.redhat.com/errata/RHSA-2020:0543
- https://access.redhat.com/errata/RHSA-2020:0592
- https://access.redhat.com/errata/RHSA-2020:0609
- https://access.redhat.com/errata/RHSA-2020:0653
- https://access.redhat.com/errata/RHSA-2020:0661
- https://access.redhat.com/errata/RHSA-2020:0664
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14895
- https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html
- https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D4ISVNIC44SOGXTUBCIZFSUNQJ5LRKNZ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MN6MLCN7G7VFTSXSZYXKXEFCUMFBUAXQ/
- https://usn.ubuntu.com/4225-1/
- https://usn.ubuntu.com/4225-2/
- https://usn.ubuntu.com/4226-1/
- https://usn.ubuntu.com/4227-1/
- https://usn.ubuntu.com/4227-2/
- https://usn.ubuntu.com/4228-1/
- https://usn.ubuntu.com/4228-2/
- https://www.openwall.com/lists/oss-security/2019/11/22/2
- http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html
- http://packetstormsecurity.com/files/155879/Kernel-Live-Patch-Security-Notice-LSN-0061-1.html
- http://packetstormsecurity.com/files/156185/Kernel-Live-Patch-Security-Notice-LSN-0062-1.html
- https://access.redhat.com/errata/RHSA-2020:0328
- https://access.redhat.com/errata/RHSA-2020:0339
- https://access.redhat.com/errata/RHSA-2020:0374
- https://access.redhat.com/errata/RHSA-2020:0375
- https://access.redhat.com/errata/RHSA-2020:0543
- https://access.redhat.com/errata/RHSA-2020:0592
- https://access.redhat.com/errata/RHSA-2020:0609
- https://access.redhat.com/errata/RHSA-2020:0653
- https://access.redhat.com/errata/RHSA-2020:0661
- https://access.redhat.com/errata/RHSA-2020:0664
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14895
- https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html
- https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D4ISVNIC44SOGXTUBCIZFSUNQJ5LRKNZ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MN6MLCN7G7VFTSXSZYXKXEFCUMFBUAXQ/
- https://usn.ubuntu.com/4225-1/
- https://usn.ubuntu.com/4225-2/
- https://usn.ubuntu.com/4226-1/
- https://usn.ubuntu.com/4227-1/
- https://usn.ubuntu.com/4227-2/
- https://usn.ubuntu.com/4228-1/
- https://usn.ubuntu.com/4228-2/
- https://www.openwall.com/lists/oss-security/2019/11/22/2
