Researcher reveals an overflow on the Linux rtlwifi driver on P2P
A security researcher said that serious security vulnerabilities in Linux could cause nearby devices that use WiFi signals to crash or be completely controlled by hackers. A security researcher named Nico Waisman said that the vulnerability is in the RTLWIFI driver, which is used to support Realtek WiFi chips on Linux devices. Vulnerability tracking is CVE-2019-17666.
Found this bug on Monday. An overflow on the linux rtlwifi driver on P2P (Wifi-Direct), while parsing Notice of Absence frames.
The bug has been around for at least 4 years https://t.co/rigXOEId29 pic.twitter.com/vlVwHbUNmf— Nico Waisman (@nicowaisman) October 17, 2019
It is reported that when a computer with a Realtek Wi-Fi chip is within the radio range of a malicious device, the vulnerability will trigger a buffer overflow problem in the Linux kernel. This vulnerability not only causes the operating system to crash but also allows the hacker to take full control of the computer. This defect can be traced back to the 3.10.1 version of the Linux kernel released in 2013.
Via: arstechnica