CVE-2019-14901

9.8 CRITICAL

📋 TL;DR

A heap overflow vulnerability in the Marvell WiFi chip driver in Linux kernel versions 3.x.x and 4.x.x before 4.18.0 allows remote attackers to cause denial of service (system crash) or potentially execute arbitrary code with root privileges. This affects systems using Marvell WiFi chips with vulnerable kernel versions. The vulnerability impacts both confidentiality and integrity if code execution is achieved.

💻 Affected Systems

Products:
  • Linux kernel with Marvell WiFi chip driver
Versions: Linux kernel versions 3.x.x and 4.x.x before 4.18.0
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with Marvell WiFi chips. Systems without Marvell WiFi hardware or with the driver disabled are not vulnerable.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote attacker executes arbitrary code with root privileges, gaining full control over the system to access sensitive data, modify files, or maintain persistence.

🟠 Likely Case

Remote attacker causes system crash/reboot resulting in denial of service, disrupting operations and requiring manual intervention.

🟢 If Mitigated

If WiFi interface is disabled or system is isolated, impact is limited to local attackers with physical access or those who have already compromised the system.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires sending specially crafted packets to the WiFi interface. Public proof-of-concept code exists in security advisories.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Linux kernel 4.18.0 and later

Vendor Advisory: https://access.redhat.com/errata/RHSA-2020:0204

Restart Required: Yes

Instructions:

1. Update Linux kernel to version 4.18.0 or later.
2. Apply vendor-specific patches for older kernels.
3. Reboot system to load patched kernel.

🔧 Temporary Workarounds

Disable Marvell WiFi interface

linux

Temporarily disable the vulnerable WiFi interface to prevent remote exploitation

sudo ifconfig wlan0 down
sudo ip link set wlan0 down

Block WiFi traffic at firewall

linux

Configure firewall rules to block incoming WiFi traffic

sudo iptables -A INPUT -i wlan0 -j DROP

🧯 If You Can't Patch

  • Disable WiFi interface completely if not required
  • Isolate affected systems on separate network segments with strict firewall rules

🔍 How to Verify

Check if Vulnerable:

Check kernel version with 'uname -r' and verify if Marvell WiFi driver is loaded with 'lsmod | grep mwifiex'

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version is 4.18.0 or later with 'uname -r' and check for applied patches in vendor advisory
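
Added example (not part of the original advisory): a POSIX shell triage helper that combines the two checks above, taking a `uname -r` string and an `lsmod` listing as input. The function names, verdict strings and sample listing are constructed for illustration; a kernel in the affected range may still carry a vendor backport, so that verdict means "check the vendor advisory", not "confirmed vulnerable".

```sh
#!/bin/sh
# Triage helper for CVE-2019-14901 exposure (illustrative; names are assumptions).

# Return 0 if the release string is 3.x.x or 4.x.x before 4.18.0, else 1.
kernel_in_affected_range() {
    rel=${1%%-*}                  # drop distro suffix: 4.15.0-112-generic -> 4.15.0
    major=${rel%%.*}
    rest=${rel#*.}
    minor=${rest%%.*}
    minor=${minor%%[!0-9]*}       # tolerate suffixes such as "9+"
    case "$major$minor" in *[!0-9]*|'') return 2 ;; esac   # unparseable release
    [ "$major" -eq 3 ] && return 0
    [ "$major" -eq 4 ] && [ "$minor" -lt 18 ] && return 0
    return 1
}

# Read an lsmod listing on stdin; return 0 if any mwifiex module is loaded
# (mwifiex itself or a bus variant such as mwifiex_pcie / mwifiex_sdio).
mwifiex_loaded() {
    awk '$1 ~ /^mwifiex/ { found = 1 } END { exit !found }'
}

# Print a one-word verdict for a kernel release ($1) and lsmod output ($2).
assess() {
    release=$1
    lsmod_out=$2
    if ! printf '%s\n' "$lsmod_out" | mwifiex_loaded; then
        echo "driver-not-loaded"
    elif kernel_in_affected_range "$release"; then
        echo "potentially-vulnerable"    # confirm against vendor advisory/backports
    else
        echo "outside-affected-range"
    fi
}

# Constructed sample input so the script runs offline.
SAMPLE_LSMOD='Module                  Size  Used by
mwifiex_pcie           45056  0
mwifiex               278528  1 mwifiex_pcie
cfg80211              622592  1 mwifiex'

assess "4.15.0-112-generic" "$SAMPLE_LSMOD"

# On a live host: assess "$(uname -r)" "$(lsmod)"
```
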

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs
  • System crash/reboot events
  • mwifiex driver error messages in dmesg

Network Indicators:

  • Unusual WiFi traffic patterns
  • Malformed packets to WiFi interface

SIEM Query:

source="kernel" AND ("panic" OR "Oops" OR "mwifiex")
