Industry News

Serious Vulnerability that Could Crash or Compromise Linux OSes Found and Fixed

A potentially dangerous vulnerability was discovered in the Linux Kernel, affecting Realtek Wi-Fi chips that could have been used to crash or compromise any systems running Linux.

Security researcher Nico Waisman discovered the flaw, now dubbed CVE-2019-17666. A buffer overflow could be triggered by in any machines using a Realtek Wi-Fi chip and any Linux kernel, which would, at the very least, crash the OS. In the worst-case scenario, it could let an attacker gain control over the system.

“Found this bug on Monday. An overflow on the linux rtlwifi driver on P2P (Wifi-Direct), while parsing Notice of Absence frames. The bug has been around for at least 4 years,” explained Waisman on Twitter.

Since this is a vulnerability at the kernel level, a patch is required to fix it, and it will be available soon. “Nicolas Waisman noticed that even though noa_len is checked for a compatible length it’s still possible to overrun the buffers of p2pinfo since there’s no check on the upper bound of noa_num. Bounds check noa_num against P2P_MAX_NOA_NUM,” said kernel developer Laura Abbott.

Linux kernel development moves quickly, and a patch will be made available on all branches in coming days. It takes a while to distribute across the ecosystem, and some systems will always remain unpatched.

There’s a little bit of silver lining, as the vulnerability was discovered by a security researcher and not a hacker. It’s not used in the wild. Waisman was still working on a way to devise a proof-of-concept attack and said that it might take time.

According to an Ars Technica report, the vulnerability extends only to devices that use the Realtek Wi-Fi hardware, but that might also include some Android devices.

About the author

Silviu STAHIE

Silviu is a seasoned writer who followed the technology world for almost two decades, covering topics ranging from software to hardware and everything in between. He's passionate about security and the way it shapes the world, in all aspects of life. He's also a space geek, enjoying all the exciting new things the Universe has to offer.

Add Comment

Click here to post a comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.