Main Vulnerability Database SB2019020609

SB2019020609 - Privilege escalation in Marvell Avastar

Published: February 6, 2019

Security Bulletin ID SB2019020609

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Adjecent network

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Memory corruption (CVE-ID: CVE-2019-6496)

The vulnerability allows an adjacent unauthenticated attacker to execute arbitrary code on the host system.

The weakness exists due to a block pool memory overflow during Wi-Fi network scans. An adjacent attacker within Wi-Fi radio range can overwrite certain block pool data structures to intercept network traffic or execute arbitrary code on a system with a vulnerable Marvell SoC.

Remediation

Install update from vendor's website.

References

https://kb.cert.org/vuls/id/730261/
https://ru.scribd.com/document/398350818/WiFi-CVE-2019-6496-Marvell-s-Statement

SB2019020609 - Privilege escalation in Marvell Avastar

Breakdown by Severity

Description

Remediation

References

Please verify you're human