CVE-2020-12653 - Vulncode-DB

CVE-2020-12653 (NVD)

2020-05-05

An issue was found in Linux kernel before 5.5.4. The mwifiex_cmd_append_vsie_tlv() function in drivers/net/wireless/marvell/mwifiex/scan.c allows local users to gain privileges or cause a denial of service because of an incorrect memcpy and buffer overflow, aka CID-b70261a288ea.

Products	Debian_linux, Linux_kernel, A700s_firmware, Active_iq_unified_manager, Cloud_backup, Element_software, H300e_firmware, H300s_firmware, H410c_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H610c_firmware, H610s_firmware, H615c_firmware, H700e_firmware, H700s_firmware, Hci_compute_node_firmware, Hci_management_node, Solidfire, Steelstore_cloud_integrated_storage, Leap
Type	Out-of-bounds Write (CWE-787)
First patch	- None (likely due to unavailable code)
Patches	• https://github.com/torvalds/linux/commit/b70261a288ea4d2f4ac7cd04be08a9f0f2de4f4d • https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b70261a288ea4d2f4ac7cd04be08a9f0f2de4f4d
Links	• https://security.netapp.com/advisory/ntap-20200608-0001/ • https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html • http://www.openwall.com/lists/oss-security/2020/05/08/2 • https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html • https://www.debian.org/security/2020/dsa-4698 More/Less (3) • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html • https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.4