A potentially dangerous vulnerability was discovered in the Linux kernel's driver for Realtek Wi-Fi chips; it could have been used to crash or compromise any Linux system using those chips.
Security researcher Nico Waisman discovered the flaw, now tracked as CVE-2019-17666.
A buffer overflow could be triggered on any machine using a Realtek Wi-Fi chip with any Linux kernel, which would, at the very least, crash the OS. In the worst-case scenario, it could let an attacker gain control over the system.
“Found this bug on Monday. An overflow on the Linux rtlwifi driver on P2P (Wifi-Direct), while parsing Notice of Absence frames. The bug has been around for at least 4 years,” explained Waisman on Twitter.
Since this is a vulnerability at the kernel level, a patch is required to fix it, and it will be available soon. “Nicolas Waisman noticed that even though noa_len is checked for a compatible length it’s still possible to overrun the buffers of p2pinfo since there’s no check on the upper bound of noa_num. Bounds check noa_num against P2P_MAX_NOA_NUM,” said kernel developer Laura Abbott.
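The following is an added illustration of the bug class Abbott describes, not the rtlwifi driver's code: a frame's length is validated for format, but the descriptor count derived from it is never bounded by the size of the destination array. The field layout, the descriptor size and the value of P2P_MAX_NOA_NUM are assumptions made for the model; only the names noa_len, noa_num, p2pinfo and P2P_MAX_NOA_NUM come from the quoted commit description.

```c
/* Model of CVE-2019-17666's bug class; layout, sizes and the constant's value are assumed. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define P2P_MAX_NOA_NUM 2        /* assumed value of the kernel constant named in the fix */
#define NOA_DESC_LEN    13       /* assumed size of one Notice-of-Absence descriptor */

/* Flat model of p2pinfo: a count byte, the descriptor array, then a canary byte
 * standing in for whatever field follows the array in memory. The arena has
 * extra slack so the demonstration itself never writes outside the struct. */
enum { OFF_NUM = 0, OFF_DESC = 1,
       OFF_CANARY = OFF_DESC + P2P_MAX_NOA_NUM * NOA_DESC_LEN,
       P2PINFO_SIZE = OFF_CANARY + 1 + 2 * NOA_DESC_LEN };

struct p2pinfo { uint8_t mem[P2PINFO_SIZE]; };

/* Parse an NoA attribute body of noa_len bytes into p. Returns the descriptor
 * count, or -1 if the attribute is rejected. 'fixed' toggles the upstream fix. */
int parse_noa(struct p2pinfo *p, const uint8_t *body, size_t noa_len, int fixed)
{
    /* the pre-fix code already checked noa_len for a compatible length */
    if (noa_len % NOA_DESC_LEN != 0) return -1;
    size_t noa_num = noa_len / NOA_DESC_LEN;
    /* the fix: bounds-check noa_num against P2P_MAX_NOA_NUM */
    if (fixed && noa_num > P2P_MAX_NOA_NUM) return -1;
    /* model guard only: keep the demonstration inside the arena */
    if (OFF_DESC + noa_num * NOA_DESC_LEN > P2PINFO_SIZE) return -1;
    p->mem[OFF_NUM] = (uint8_t)noa_num;
    /* without the fix this copy overruns the array once noa_num > P2P_MAX_NOA_NUM */
    memcpy(&p->mem[OFF_DESC], body, noa_len);
    return (int)noa_num;
}

/* Feed a constructed attribute carrying ndesc descriptors through the parser;
 * returns 1 if the canary after the array survived, 0 if it was overwritten. */
int canary_intact(size_t ndesc, int fixed)
{
    uint8_t body[4 * NOA_DESC_LEN];
    memset(body, 0xAA, sizeof body);          /* constructed descriptor bytes */
    struct p2pinfo p;
    memset(p.mem, 0, sizeof p.mem);
    p.mem[OFF_CANARY] = 0x5A;
    parse_noa(&p, body, ndesc * NOA_DESC_LEN, fixed);
    return p.mem[OFF_CANARY] == 0x5A;
}
```

With two descriptors both variants behave; with three, the unfixed parser passes the length check yet clobbers the byte after the array, while the fixed parser rejects the attribute.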
Linux kernel development moves quickly, and a patch will be made available on all branches in coming days. It takes a while to distribute across the ecosystem, and some systems will always remain unpatched.
There’s a little bit of silver lining, as the vulnerability was discovered by a security researcher and not a hacker. It’s not used in the wild. Waisman was still working on a way to devise a proof-of-concept attack and said that it might take time.
According to an Ars Technica report, the vulnerability extends only to devices that use the Realtek Wi-Fi hardware, but that might also include some Android devices.