Serious Vulnerability that Could Crash or Compromise Linux OSes Found and Fixed

A potentially dangerous vulnerability affecting Realtek Wi-Fi chips
was discovered in the Linux kernel. It could have been used to
crash or compromise any systems running Linux.

Security researcher Nico Waisman discovered the flaw, now
dubbed CVE-2019-17666.
A buffer overflow could be triggered in any machine using a Realtek Wi-Fi
chip and any Linux kernel, which would, at the very least, crash the OS. In the
worst-case scenario, it could let an attacker gain control over the system.

“Found this bug on Monday. An overflow on the linux
rtlwifi driver on P2P (Wifi-Direct), while parsing Notice of Absence frames.
The bug has been around for at least 4 years,” explained
Waisman on Twitter.

Since this is a vulnerability at the kernel level, a
patch is required to fix it, and it will be available soon. “Nicolas
Waisman noticed that even though noa_len is checked for a compatible length
it’s still possible to overrun the buffers of p2pinfo since there’s no check on
the upper bound of noa_num. Bounds check noa_num against P2P_MAX_NOA_NUM,”
said kernel developer Laura
Abbott.
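
The check Abbott describes, as a simplified user-space sketch added here (not the rtlwifi driver's code). The struct layout, the 13-byte descriptor framing, the value 2 for P2P_MAX_NOA_NUM, and the choice to reject an oversized frame are assumptions of the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define P2P_MAX_NOA_NUM 2   /* name from the quote; value assumed here */
#define NOA_HDR_LEN     2   /* index byte + CTWindow/OppPS byte */
#define NOA_DESC_LEN    13  /* count(1) duration(4) interval(4) start(4) */
struct p2p_info {           /* hypothetical stand-in for the driver's p2pinfo */
    uint8_t  noa_num;
    uint8_t  count[P2P_MAX_NOA_NUM];
    uint32_t duration[P2P_MAX_NOA_NUM];
    uint32_t interval[P2P_MAX_NOA_NUM];
    uint32_t start_time[P2P_MAX_NOA_NUM];
};

static uint32_t le32(const uint8_t *p)
{
    return p[0] | p[1] << 8 | p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Returns the number of descriptors stored, or -1 if the frame is rejected. */
int parse_noa(const uint8_t *attr, size_t len, struct p2p_info *out)
{
    /* "Compatible length" check: header plus whole descriptors only. */
    if (len < NOA_HDR_LEN || (len - NOA_HDR_LEN) % NOA_DESC_LEN != 0)
        return -1;
    size_t noa_num = (len - NOA_HDR_LEN) / NOA_DESC_LEN;
    /* Upper bound: without this, descriptor 3 onward writes past the arrays. */
    if (noa_num > P2P_MAX_NOA_NUM)
        return -1;
    memset(out, 0, sizeof(*out));
    out->noa_num = (uint8_t)noa_num;
    for (size_t i = 0; i < noa_num; i++) {
        const uint8_t *d = attr + NOA_HDR_LEN + i * NOA_DESC_LEN;
        out->count[i]      = d[0];
        out->duration[i]   = le32(d + 1);
        out->interval[i]   = le32(d + 5);
        out->start_time[i] = le32(d + 9);
    }
    return (int)noa_num;
}

/* Parses a constructed, zero-filled attribute holding n descriptors (n <= 8). */
int parse_constructed(size_t n)
{
    uint8_t buf[NOA_HDR_LEN + 8 * NOA_DESC_LEN] = {0};
    struct p2p_info info;
    return n > 8 ? -2 : parse_noa(buf, NOA_HDR_LEN + n * NOA_DESC_LEN, &info);
}
```

A frame carrying three descriptors passes the length test, since its body is an exact multiple of 13 bytes, and is stopped only by the comparison against P2P_MAX_NOA_NUM.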

Linux kernel development moves quickly, and a patch will
be made available on all branches in the coming days. The fix takes a while to
propagate across the ecosystem, and some systems will always remain unpatched.

There’s a bit of a silver lining, as the vulnerability was discovered by a security researcher and not a hacker. It’s not used in the wild. Waisman was still working on a proof-of-concept attack and said that it might take time.

According to an Ars Technica report, the vulnerability extends only to devices that use the Realtek Wi-Fi hardware, but that might also include some Android devices.
