This flaw is currently rated as Important as it is possible for an attacker to setup a wifi access point with identical configuration in another location and intercept have the system auto connect and possibly be exploited.
CVSS v3 metrics
|CVSS3 Base Score||8|
|CVSS3 Base Metrics||CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H|
|Attack Vector||Adjacent Network|
AcknowledgementsRed Hat would like to thank huangwen (ADLab of Venustech) for reporting this issue.
This flaw requires a system with marvell wifi network card to be attempting to connect to a attacker controlled wifi network. A temporary mitigation may be to only connect to known-good networks via wifi, or connect to a network via ethernet. Alternatively if wireless networking is not used the mwifiex kernel module can be blacklisted to prevent misuse of the vulnerable code.