Table of Contents
This flaw is currently rated as Important as it is possible for an attacker to setup a wifi access point with identical configuration in another location and intercept have the system auto connect and possibly be exploited.
CVSS v3 metrics
NOTE: The following CVSS v3 metrics and score provided are preliminary and subject to review.
|CVSS3 Base Score||8|
|CVSS3 Base Metrics||CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H|
|Attack Vector||Adjacent Network|
Affected Packages State
|Red Hat Enterprise MRG 2||kernel-rt||Not affected|
|Red Hat Enterprise Linux 8||kernel||Affected|
|Red Hat Enterprise Linux 8||kernel-rt||Affected|
|Red Hat Enterprise Linux 7||kernel-alt||Affected|
|Red Hat Enterprise Linux 7||kernel||Affected|
|Red Hat Enterprise Linux 7||kernel-rt||Affected|
|Red Hat Enterprise Linux 6||kernel||Affected|
|Red Hat Enterprise Linux 5||kernel||Out of support scope|
AcknowledgementsRed Hat would like to thank huangwen (ADLab of Venustech) for reporting this issue.
This flaw requires a system with marvell wifi network card to be attempting to connect to a attacker controlled wifi network. A temporary mitigation may be to only connect to known-good networks via wifi, or connect to a network via ethernet. Alternatively if wireless networking is not used the mwifiex kernel module can be blacklisted to prevent misuse of the vulnerable code.