Synology-SA-19:07 Marvell Avastar SoC

Publish Time: 2019-02-15 18:03:26 UTC+8

Last Updated: 2019-02-15 18:03:26 UTC+8

Severity
Not affected
Status
Resolved

Abstract

CVE-2019-6496 allows remote attackers to conduct denial-of-service attacks or execute arbitrary code.

None of Synology's products are affected as CVE-2019-6496 only affects products equipped with Marvell Avastar SoC.

Affected Products

Product Severity Fixed Release Availability
SRM 1.2 Not affected N/A

Mitigation

None

Detail

  • CVE-2019-6496
    • Severity: Not affected
    • CVSS3 Base Score: 0.0
    • CVSS3 Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
    • The ThreadX-based firmware on Marvell Avastar Wi-Fi devices, models 88W8787, 88W8797, 88W8801, 88W8897, and 88W8997, allows remote attackers to execute arbitrary code or cause a denial of service (block pool overflow) via malformed Wi-Fi packets during identification of available Wi-Fi networks. Exploitation of the Wi-Fi device can lead to exploitation of the host application processor in some cases, but this depends on several factors including host OS hardening and the availability of DMA.

Reference

Revision

Revision Date Description
1 2019-02-15 Initial public release.