CVE-2019-14896

9.8 CRITICAL

📋 TL;DR

A heap-based buffer overflow vulnerability exists in the Marvell WiFi chip driver in Linux kernel versions around 2.6.32. This allows remote attackers to cause denial of service (system crash) or potentially execute arbitrary code when a station connects to an access point. Systems using affected Linux kernel versions with Marvell WiFi hardware are vulnerable.

💻 Affected Systems

Products:
  • Linux kernel with Marvell WiFi driver
Versions: Linux kernel versions around 2.6.32 (specifically kernel-2.6.32)
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with Marvell WiFi hardware/chipsets. The vulnerability triggers when the lbs_ibss_join_existing function is called after a STA connects to an AP.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to full system compromise, allowing attacker to install malware, steal data, or pivot to other systems.

🟠 Likely Case: System crash or kernel panic causing denial of service, requiring physical or remote reboot to restore functionality.

🟢 If Mitigated: Limited impact if systems are patched, isolated, or don't use Marvell WiFi hardware.

🌐 Internet-Facing: HIGH - Remote attackers can exploit this without authentication when WiFi is enabled and accessible.
🏢 Internal Only: MEDIUM - Requires network access to WiFi interface, but internal attackers could still exploit if WiFi is enabled.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploit requires sending specially crafted packets to the WiFi interface. Public exploit details exist in security advisories.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions with security updates after 2019

Vendor Advisory: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14896

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version from your distribution's repositories.
2. For Red Hat/CentOS: yum update kernel
3. For Debian/Ubuntu: apt update && apt upgrade linux-image-*
4. Reboot system to load new kernel.

🔧 Temporary Workarounds

Disable WiFi Interface

Temporarily disable the affected WiFi interface to prevent exploitation

sudo ifconfig wlan0 down
sudo ip link set wlan0 down

Block WiFi Network Access

Use firewall rules to block access to WiFi interface

sudo iptables -A INPUT -i wlan0 -j DROP

🧯 If You Can't Patch

  • Disable WiFi functionality entirely if not required
  • Isolate affected systems on separate network segments with strict firewall rules

🔍 How to Verify

Check if Vulnerable:

Check kernel version: uname -r. If version is around 2.6.32 and system has Marvell WiFi hardware, it's likely vulnerable.

Check Version:

uname -r

Verify Fix Applied:

Check kernel version after update: uname -r should show newer version. Verify Marvell driver is updated via lsmod | grep marvell.
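
The workaround above assumes the interface is called wlan0. The following added example (not part of the original advisory) finds interfaces by the bus driver bound to them instead, so the right interface can be taken down. The driver names are an assumption taken from the upstream libertas driver, which contains lbs_ibss_join_existing; they do not appear on this page. The sysfs tree used in the demo is constructed.

```shell
#!/bin/sh
# Added example: list network interfaces bound to a libertas bus driver.
# ASSUMPTION: these driver names come from the upstream libertas source
# (USB, SDIO, SPI and PC Card front ends), not from this advisory page.
LIBERTAS_DRIVERS="usb8xxx libertas_sdio libertas_spi libertas_cs"

# affected_ifaces [SYSFS_ROOT]
# Prints one interface name per line. SYSFS_ROOT defaults to /sys.
affected_ifaces() {
    root="${1:-/sys}"
    for dev in "$root"/class/net/*; do
        # Virtual interfaces (lo, bridges) have no device/driver link.
        [ -e "$dev/device/driver" ] || continue
        drv=$(basename "$(readlink -f "$dev/device/driver")")
        for want in $LIBERTAS_DRIVERS; do
            if [ "$drv" = "$want" ]; then
                basename "$dev"
            fi
        done
    done
}

# make_sample_sysfs DIR
# Builds a constructed, minimal sysfs-like tree for offline testing:
# wlan1 -> libertas_sdio, eth0 -> e1000e, lo -> no driver.
make_sample_sysfs() {
    d="$1"
    mkdir -p "$d/bus/sdio/drivers/libertas_sdio" \
             "$d/bus/pci/drivers/e1000e" \
             "$d/class/net/wlan1/device" \
             "$d/class/net/eth0/device" \
             "$d/class/net/lo"
    ln -s "$d/bus/sdio/drivers/libertas_sdio" "$d/class/net/wlan1/device/driver"
    ln -s "$d/bus/pci/drivers/e1000e" "$d/class/net/eth0/device/driver"
}

# Demo on the constructed tree; on a real host call affected_ifaces
# with no argument and bring down each interface it prints.
tmp=$(mktemp -d)
make_sample_sysfs "$tmp"
affected_ifaces "$tmp"    # prints wlan1
rm -rf "$tmp"
```

No output on a real host means no interface is currently bound to one of the listed drivers; it does not by itself show that the kernel is patched.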

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs
  • System crash/reboot events
  • Marvell driver error messages in dmesg

Network Indicators:

  • Unusual WiFi connection attempts
  • Malformed WiFi packets to Marvell interfaces

SIEM Query:

(source="kernel" AND ("panic" OR "oops") AND "marvell") OR (source="dmesg" AND "buffer overflow" AND "lbs_ibss")
