{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel through 5.3.6 lacks a certain upper-bound check, leading to a buffer overflow."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-03-11T11:06:09", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://lkml.org/lkml/2019/10/16/1226"}, {"tags": ["x_refsource_MISC"], "url": "https://arstechnica.com/information-technology/2019/10/unpatched-linux-flaw-may-let-attackers-crash-or-compromise-nearby-devices/"}, {"tags": ["x_refsource_MISC"], "url": "https://twitter.com/nicowaisman/status/1184864519316758535"}, {"name": "FEDORA-2019-6a67ff8793", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TRBP4O6D2SQ2NHCRHTJONGCZLWOIV5MN/"}, {"name": "openSUSE-SU-2019:2392", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00064.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20191031-0005/"}, {"name": "openSUSE-SU-2019:2444", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00010.html"}, {"name": "USN-4185-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4185-1/"}, {"name": "USN-4183-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4183-1/"}, {"name": "USN-4184-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4184-1/"}, {"name": "USN-4186-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4186-1/"}, {"name": "USN-4186-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4186-2/"}, {"name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"}, {"name": "RHSA-2020:0328", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2020:0328"}, {"name": "RHSA-2020:0339", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2020:0339"}, {"name": "RHSA-2020:0543", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2020:0543"}, {"name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html"}, {"name": "RHSA-2020:0661", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2020:0661"}, {"name": "RHSA-2020:0740", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2020:0740"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-17666", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel through 5.3.6 lacks a certain upper-bound check, leading to a buffer overflow."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://lkml.org/lkml/2019/10/16/1226", "refsource": "MISC", "url": "https://lkml.org/lkml/2019/10/16/1226"}, {"name": "https://arstechnica.com/information-technology/2019/10/unpatched-linux-flaw-may-let-attackers-crash-or-compromise-nearby-devices/", "refsource": "MISC", "url": "https://arstechnica.com/information-technology/2019/10/unpatched-linux-flaw-may-let-attackers-crash-or-compromise-nearby-devices/"}, {"name": "https://twitter.com/nicowaisman/status/1184864519316758535", "refsource": "MISC", "url": "https://twitter.com/nicowaisman/status/1184864519316758535"}, {"name": "FEDORA-2019-6a67ff8793", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TRBP4O6D2SQ2NHCRHTJONGCZLWOIV5MN/"}, {"name": "openSUSE-SU-2019:2392", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00064.html"}, {"name": "https://security.netapp.com/advisory/ntap-20191031-0005/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20191031-0005/"}, {"name": "openSUSE-SU-2019:2444", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00010.html"}, {"name": "USN-4185-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4185-1/"}, {"name": "USN-4183-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4183-1/"}, {"name": "USN-4184-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4184-1/"}, {"name": "USN-4186-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4186-1/"}, {"name": "USN-4186-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4186-2/"}, {"name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"}, {"name": "RHSA-2020:0328", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2020:0328"}, {"name": "RHSA-2020:0339", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2020:0339"}, {"name": "RHSA-2020:0543", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2020:0543"}, {"name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html"}, {"name": "RHSA-2020:0661", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2020:0661"}, {"name": "RHSA-2020:0740", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2020:0740"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T01:47:13.495Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://lkml.org/lkml/2019/10/16/1226"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://arstechnica.com/information-technology/2019/10/unpatched-linux-flaw-may-let-attackers-crash-or-compromise-nearby-devices/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://twitter.com/nicowaisman/status/1184864519316758535"}, {"name": "FEDORA-2019-6a67ff8793", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TRBP4O6D2SQ2NHCRHTJONGCZLWOIV5MN/"}, {"name": "openSUSE-SU-2019:2392", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00064.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20191031-0005/"}, {"name": "openSUSE-SU-2019:2444", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00010.html"}, {"name": "USN-4185-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4185-1/"}, {"name": "USN-4183-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4183-1/"}, {"name": "USN-4184-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4184-1/"}, {"name": "USN-4186-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4186-1/"}, {"name": "USN-4186-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4186-2/"}, {"name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"}, {"name": "RHSA-2020:0328", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2020:0328"}, {"name": "RHSA-2020:0339", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2020:0339"}, {"name": "RHSA-2020:0543", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2020:0543"}, {"name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html"}, {"name": "RHSA-2020:0661", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2020:0661"}, {"name": "RHSA-2020:0740", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2020:0740"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-17666", "datePublished": "2019-10-17T01:47:59", "dateReserved": "2019-10-17T00:00:00", "dateUpdated": "2024-08-05T01:47:13.495Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9887870C-A77C-4AB8-B6DE-4D79D980DF34", "versionEndExcluding": "3.16.77", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "EC33DDAB-9CF7-4452-99C6-58B6EB60F698", "versionEndExcluding": "4.4.199", "versionStartIncluding": "3.17", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "5DE008FD-9909-4CB8-8B1B-2C49DBB96702", "versionEndExcluding": "4.9.199", "versionStartIncluding": "4.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "AA96BD97-C28E-407E-82EA-D9EE0428AEE5", "versionEndExcluding": "4.14.152", "versionStartIncluding": "4.10", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "2083AEA2-E04A-4A55-996D-5BB40D30417A", "versionEndExcluding": "4.19.82", "versionStartIncluding": "4.15", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9ECB3CBC-52A5-4B2C-AFFA-13E37D77461A", "versionEndExcluding": "5.2", "versionStartIncluding": "4.20", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "7A4E8BFB-991D-4B7A-AB4D-CFB3448FB960", "versionEndExcluding": "5.3.9", "versionStartIncluding": "5.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", "matchCriteriaId": "CD783B0C-9246-47D9-A937-6144FE8BFF0F", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", "matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel through 5.3.6 lacks a certain upper-bound check, leading to a buffer overflow."}, {"lang": "es", "value": "En la funci\u00f3n rtl_p2p_noa_ie en el archivo drivers/net/wireless/realtek/rtlwifi/ps.c en el kernel de Linux versiones hasta 5.3.6, carece de una cierta comprobaci\u00f3n de l\u00edmite superior, lo que conlleva a un desbordamiento del b\u00fafer."}], "id": "CVE-2019-17666", "lastModified": "2023-11-07T03:06:24.143", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 8.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 6.5, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-10-17T02:15:13.477", "references": [{"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00064.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00010.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2020:0328"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2020:0339"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2020:0543"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2020:0661"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2020:0740"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://arstechnica.com/information-technology/2019/10/unpatched-linux-flaw-may-let-attackers-crash-or-compromise-nearby-devices/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TRBP4O6D2SQ2NHCRHTJONGCZLWOIV5MN/"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "https://lkml.org/lkml/2019/10/16/1226"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20191031-0005/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://twitter.com/nicowaisman/status/1184864519316758535"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4183-1/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4184-1/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4185-1/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4186-1/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4186-2/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-120"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2020:1524", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "kernel-0:2.6.32-754.29.1.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2020-04-22T00:00:00Z"}, {"advisory": "RHSA-2020:0839", "cpe": "cpe:/a:redhat:rhel_extras_rt:7", "package": "kernel-rt-0:3.10.0-1062.18.1.rt56.1044.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2020-03-17T00:00:00Z"}, {"advisory": "RHSA-2020:0740", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "kernel-alt-0:4.14.0-115.18.1.el7a", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2020-03-09T00:00:00Z"}, {"advisory": "RHSA-2020:0834", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "kernel-0:3.10.0-1062.18.1.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2020-03-17T00:00:00Z"}, {"advisory": "RHSA-2020:0661", "cpe": "cpe:/o:redhat:rhel_aus:7.2", "package": "kernel-0:3.10.0-327.85.1.el7", "product_name": "Red Hat Enterprise Linux 7.2 Advanced Update Support", "release_date": "2020-03-03T00:00:00Z"}, {"advisory": "RHSA-2020:1473", "cpe": "cpe:/o:redhat:rhel_aus:7.3", "package": "kernel-0:3.10.0-514.74.1.el7", "product_name": "Red Hat Enterprise Linux 7.3 Advanced Update Support", "release_date": "2020-04-14T00:00:00Z"}, {"advisory": "RHSA-2020:1473", "cpe": "cpe:/o:redhat:rhel_tus:7.3", "package": "kernel-0:3.10.0-514.74.1.el7", "product_name": "Red Hat Enterprise Linux 7.3 Telco Extended Update Support", "release_date": "2020-04-14T00:00:00Z"}, {"advisory": "RHSA-2020:1473", "cpe": "cpe:/o:redhat:rhel_e4s:7.3", "package": "kernel-0:3.10.0-514.74.1.el7", "product_name": "Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions", "release_date": "2020-04-14T00:00:00Z"}, {"advisory": "RHSA-2020:1347", "cpe": "cpe:/o:redhat:rhel_aus:7.4", "package": "kernel-0:3.10.0-693.65.1.el7", "product_name": "Red Hat Enterprise Linux 7.4 Advanced Update Support", "release_date": "2020-04-07T00:00:00Z"}, {"advisory": "RHSA-2020:1347", "cpe": "cpe:/o:redhat:rhel_tus:7.4", "package": "kernel-0:3.10.0-693.65.1.el7", "product_name": "Red Hat Enterprise Linux 7.4 Telco Extended Update Support", "release_date": "2020-04-07T00:00:00Z"}, {"advisory": "RHSA-2020:1347", "cpe": "cpe:/o:redhat:rhel_e4s:7.4", "package": "kernel-0:3.10.0-693.65.1.el7", "product_name": "Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions", "release_date": "2020-04-07T00:00:00Z"}, {"advisory": "RHSA-2020:0543", "cpe": "cpe:/o:redhat:rhel_eus:7.5", "package": "kernel-0:3.10.0-862.48.1.el7", "product_name": "Red Hat Enterprise Linux 7.5 Extended Update Support", "release_date": "2020-02-19T00:00:00Z"}, {"advisory": "RHSA-2020:1465", "cpe": "cpe:/o:redhat:rhel_eus:7.6", "package": "kernel-0:3.10.0-957.48.1.el7", "product_name": "Red Hat Enterprise Linux 7.6 Extended Update Support", "release_date": "2020-04-14T00:00:00Z"}, {"advisory": "RHSA-2020:0328", "cpe": "cpe:/a:redhat:enterprise_linux:8::nfv", "package": "kernel-rt-0:4.18.0-147.5.1.rt24.98.el8_1", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-02-04T00:00:00Z"}, {"advisory": "RHSA-2020:0339", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kernel-0:4.18.0-147.5.1.el8_1", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-02-04T00:00:00Z"}, {"advisory": "RHSA-2020:0831", "cpe": "cpe:/o:redhat:rhel_e4s:8.0", "package": "kernel-0:4.18.0-80.16.1.el8_0", "product_name": "Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions", "release_date": "2020-03-17T00:00:00Z"}, {"advisory": "RHSA-2020:1353", "cpe": "cpe:/a:redhat:enterprise_mrg:2:server:el6", "package": "kernel-rt-1:3.10.0-693.65.1.rt56.663.el6rt", "product_name": "Red Hat Enterprise MRG 2", "release_date": "2020-04-07T00:00:00Z"}, {"advisory": "RHSA-2020:1465", "cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor", "package": "kernel-0:3.10.0-957.48.1.el7", "product_name": "Red Hat Virtualization 4.2 for Red Hat Enterprise Linux 7.6 EUS", "release_date": "2020-04-14T00:00:00Z"}], "bugzilla": {"description": "kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain upper-bound check, leading to a buffer overflow", "id": "1763690", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1763690"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.3", "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "status": "verified"}, "cwe": "CWE-120", "details": ["rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel through 5.3.6 lacks a certain upper-bound check, leading to a buffer overflow.", "A flaw was found in the Linux kernel's implementation of the RealTek wireless drivers WiFi-direct (or WiFi peer-to-peer) driver implementation. When the RealTek wireless networking hardware is configured to accept WiFi-Direct or WiFi P2P connections, an attacker within the wireless network connectivity radio range can exploit a flaw in the WiFi-direct protocol known as \"Notice of Absence\" by creating specially crafted frames which can then corrupt kernel memory as the upper bounds on the length of the frame is unchecked and supplied by the incoming packet."], "name": "CVE-2019-17666", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 5"}], "public_date": "2019-10-18T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2019-17666\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-17666\nhttps://arstechnica.com/information-technology/2019/10/unpatched-linux-flaw-may-let-attackers-crash-or-compromise-nearby-devices/\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8c55dedb795be8ec0cf488f98c03a1c2176f7fb1"], "threat_severity": "Important", "upstream_fix": "kernel 5.3.6"}