1 min read

Serious Vulnerability that Could Crash or Compromise Linux OSes Found and Fixed

Silviu STAHIE

October 18, 2019

Promo Protect all your devices, without slowing them down.
Free 30-day trial
Serious Vulnerability that Could Crash or Compromise Linux OSes Found and Fixed

A potentially dangerous vulnerability was discovered in the Linux Kernel, affecting Realtek Wi-Fi chips that could have been used to crash or compromise any systems running Linux.

Security researcher Nico Waisman discovered the flaw, now dubbed CVE-2019-17666. A buffer overflow could be triggered by in any machines using a Realtek Wi-Fi chip and any Linux kernel, which would, at the very least, crash the OS. In the worst-case scenario, it could let an attacker gain control over the system.

“Found this bug on Monday. An overflow on the linux rtlwifi driver on P2P (Wifi-Direct), while parsing Notice of Absence frames. The bug has been around for at least 4 years,” explained Waisman on Twitter.

Since this is a vulnerability at the kernel level, a patch is required to fix it, and it will be available soon. “Nicolas Waisman noticed that even though noa_len is checked for a compatible length it’s still possible to overrun the buffers of p2pinfo since there’s no check on the upper bound of noa_num. Bounds check noa_num against P2P_MAX_NOA_NUM,” said kernel developer Laura Abbott.

Linux kernel development moves quickly, and a patch will be made available on all branches in coming days. It takes a while to distribute across the ecosystem, and some systems will always remain unpatched.

There’s a little bit of silver lining, as the vulnerability was discovered by a security researcher and not a hacker. It’s not used in the wild. Waisman was still working on a way to devise a proof-of-concept attack and said that it might take time.

According to an Ars Technica report, the vulnerability extends only to devices that use the Realtek Wi-Fi hardware, but that might also include some Android devices.

tags


Author


Silviu STAHIE

Silviu is a seasoned writer who followed the technology world for almost two decades, covering topics ranging from software to hardware and everything in between.

View all posts

You might also like

Bookmarks


loader