A potentially dangerous vulnerability has been discovered in the Linux kernel's driver for Realtek Wi-Fi chips that could be used to crash or compromise any system running Linux with that hardware.
Security researcher Nico Waisman discovered the flaw, now tracked as CVE-2019-17666. A buffer overflow can be triggered on any machine using a Realtek Wi-Fi chip with the Linux kernel, which would, at the very least, crash the OS. In the worst case, it could let an attacker gain control of the system.
“Found this bug on Monday. An overflow on the linux rtlwifi driver on P2P (Wifi-Direct), while parsing Notice of Absence frames. The bug has been around for at least 4 years,” explained Waisman on Twitter.
Since this is a vulnerability at the kernel level, a patch is required to fix it, and it will be available soon. “Nicolas Waisman noticed that even though noa_len is checked for a compatible length it’s still possible to overrun the buffers of p2pinfo since there’s no check on the upper bound of noa_num. Bounds check noa_num against P2P_MAX_NOA_NUM,” said kernel developer Laura Abbott.
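To make the fix concrete, here is an added example (not the kernel's rtlwifi code) that models the parsing step Abbott describes: a Notice of Absence attribute whose total length is already checked for a whole number of descriptors, but whose descriptor count is then used as a loop bound and array index. The struct, field names, the value 2 for P2P_MAX_NOA_NUM and the attribute layout are simplifying assumptions for this example; the 13-byte descriptor size follows the Wi-Fi Direct NoA format. The length check alone bounds the remainder, not the count, which is why the second comparison against the array capacity is the one that matters.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified model of the driver's per-interface P2P state (constructed for
 * this example; field names and the capacity value are assumptions). */
#define P2P_MAX_NOA_NUM 2
#define NOA_DESC_LEN    13   /* count/type (1) + duration (4) + interval (4) + start time (4) */

struct p2p_info_model {
    uint8_t  noa_index;
    uint8_t  opp_ps_ctwindow;
    uint8_t  noa_num;
    uint8_t  noa_count_type[P2P_MAX_NOA_NUM];
    uint32_t noa_duration[P2P_MAX_NOA_NUM];
    uint32_t noa_interval[P2P_MAX_NOA_NUM];
    uint32_t noa_start_time[P2P_MAX_NOA_NUM];
};

static uint32_t get_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

static void put_le32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8);
    p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Parse a NoA attribute body: index (1), CTWindow/OppPS (1), then
 * noa_num descriptors of NOA_DESC_LEN bytes each.
 * Returns 0 on success, -1 if the attribute is malformed or would overrun
 * the fixed-size arrays in *info. */
int parse_noa_attr(struct p2p_info_model *info, const uint8_t *attr, size_t noa_len)
{
    if (noa_len < 2)
        return -1;

    /* The check that already existed: the descriptor region must be a whole
     * number of descriptors. This validates the remainder, not the count. */
    if ((noa_len - 2) % NOA_DESC_LEN != 0)
        return -1;
    size_t noa_num = (noa_len - 2) / NOA_DESC_LEN;

    /* The check the fix added: noa_num comes from frame bytes the sender
     * controls, so compare it with the array capacity before it becomes a
     * loop bound and an array index. */
    if (noa_num > P2P_MAX_NOA_NUM)
        return -1;

    info->noa_index = attr[0];
    info->opp_ps_ctwindow = attr[1];
    info->noa_num = (uint8_t)noa_num;

    const uint8_t *desc = attr + 2;
    for (size_t i = 0; i < noa_num; i++, desc += NOA_DESC_LEN) {
        info->noa_count_type[i] = desc[0];
        info->noa_duration[i]   = get_le32(desc + 1);
        info->noa_interval[i]   = get_le32(desc + 5);
        info->noa_start_time[i] = get_le32(desc + 9);
    }
    return 0;
}

/* Build a constructed attribute with n identical descriptors into buf.
 * Returns the attribute length, or 0 if buf is too small. */
size_t build_noa_attr(uint8_t *buf, size_t bufsz, size_t n)
{
    size_t len = 2 + n * NOA_DESC_LEN;
    if (len > bufsz)
        return 0;
    buf[0] = 0x01;   /* NoA index */
    buf[1] = 0x80;   /* OppPS set, CTWindow 0 */
    for (size_t i = 0; i < n; i++) {
        uint8_t *d = buf + 2 + i * NOA_DESC_LEN;
        d[0] = 0xff;                    /* count/type: continuous */
        put_le32(d + 1, 1000);          /* duration */
        put_le32(d + 5, 5000);          /* interval */
        put_le32(d + 9, 0x12345678u);   /* start time */
    }
    return len;
}

/* Convenience wrapper: build an attribute with n descriptors, parse it into
 * last_parsed, and return the parser's status. */
struct p2p_info_model last_parsed;

int parse_synthetic(size_t n)
{
    uint8_t buf[2 + 8 * NOA_DESC_LEN];
    size_t len = build_noa_attr(buf, sizeof buf, n);
    if (len == 0)
        return -1;
    return parse_noa_attr(&last_parsed, buf, len);
}

int main(void)
{
    for (size_t n = 1; n <= 3; n++)
        printf("%zu descriptor(s): %s\n", n,
               parse_synthetic(n) == 0 ? "accepted" : "rejected");
    return 0;
}
```

With the capacity check in place, an attribute carrying three descriptors (41 bytes, which passes the length-remainder check) is rejected instead of writing a third element into two-element arrays.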
Linux kernel development moves quickly, and a patch will be made available on all branches in coming days. It takes a while to distribute across the ecosystem, and some systems will always remain unpatched.
There is a silver lining: the vulnerability was discovered by a security researcher rather than a hacker, and it is not being used in the wild. Waisman was still working on a proof-of-concept attack and said it might take time.
According to an Ars Technica report, the vulnerability extends only to devices that use the Realtek Wi-Fi hardware, but that might also include some Android devices.