Nico Waisman, principal security engineer at Github, discovered a critical Linux flaw, tracked as CVE-2019-17666, that could be exploited by attackers to fully compromise vulnerable machines.
The vulnerability affects Linux versions through 5.3.6, according to the researchers the issue exists at least since 2015.
The vulnerability is a heap buffer overflow issue that resides in the “rtlwifi” driver that allows certain Realtek Wi-Fi modules to communicate with the Linux operating system.
“rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel through 5.3.6 lacks a certain upper-bound check, leading to a buffer overflow.” reads the description published by NVD.
The issue affects a feature called the Notice of Absence protocol implemented in the “rtlwifi” driver. The protocol is used by devices to autonomously power down their radio and save energy.
“The Notice of Absence (NoA) protocol allows a P2P GO to announce time intervals, referred to as absence periods, where P2P Clients are not allowed to access the channel, regardless of whether they are in power save or in active mode. In this way, a P2P GO can autonomously decide to power down its radio to save energy.” reads a paper on Device to device communications.
The expert noticed that the driver fails to correctly handle Notice of Absence packets.
“Nicolas Waisman noticed that even though noa_len is checked for a compatible length it’s still possible to overrun the buffers of p2pinfo since there’s no check on the upper bound of noa_num. Bound noa_num against P2P_MAX_NOA_NUM.” reads the security advisory.
An attacker could use packets with incorrect length to trigger the flaw and cause the system to crash.
An unauthenticated attacker could trigger the flaw only if he is within the radio range of the target device.
“The vulnerability triggers an overflow, which means it could make Linux crash or if a proper exploit is written (which is not trivial), an attacker could obtain remote code-execution,” Waisman explained to the Threatpost.
The Linux kernel team has already developed a fix that is currently under revision, it has not yet been included into the Linux kernel.
[adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – Linux Kernel, hacking)
[adrotate banner=”5″]
[adrotate banner=”13″]
Nation-state actor UAT4356 has been exploiting two zero-days in ASA and FTD firewalls since November…
A malware campaign has been exploiting the updating mechanism of the eScan antivirus to distribute…
The Treasury Department's Office of Foreign Assets Control (OFAC) sanctioned four Iranian nationals for their…
A cyber attack on Leicester City Council resulted in certain street lights remaining illuminated all…
The National Police Agency in South Korea warns that North Korea-linked threat actors are targeting…
The U.S. Department of State imposed visa restrictions on 13 individuals allegedly linked to the…
This website uses cookies.