This security bulletin contains one high-risk vulnerability.
CWE-787 - Out-of-bounds write
Exploit availability: No
Description
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
A stack-based buffer overflow was found in the Marvell WiFi chip driver in the Linux kernel, version kernel-2.6.32. An attacker can cause a denial of service (system crash) or possibly execute arbitrary code when a STA works in IBSS mode (which allows stations to connect together without the use of an AP) and connects to another STA.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: 4.4 - 5.4.42
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.