Memory corruption in Marvell Technology products - CVE-2019-6496
Published: February 6, 2019
Vulnerability identifier: #VU17381
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2019-6496
CWE-ID: CWE-119
Exploitation vector: Adjacent network
Exploit availability:
No public exploit available
Vendor: Marvell Technology
Affected software:
Avastar 88W8897
Avastar 88W8801
Avastar 88W8797
Avastar 88W8787
Detailed vulnerability description
The vulnerability allows an adjacent unauthenticated attacker to execute arbitrary code on the host system.
The weakness exists due to a block pool memory overflow during Wi-Fi network scans. An adjacent attacker within Wi-Fi radio range can overwrite certain block pool data structures to intercept network traffic or execute arbitrary code on a system with a vulnerable Marvell SoC.
How to mitigate CVE-2019-6496
Install the update from the vendor's website.