A researcher has found several security vulnerabilities in ThreadX WiFi firmware. He discovered these vulnerabilities in the firmware running on Marvell Avastar 88W8897 wireless chipset. This discovery holds significant importance since the chipset empowers several popular smartphones, laptops, gaming devices, and routers. That means a large number of gadgets used globally are at risk.
Vulnerabilities In ThreadX WiFi Firmware
Reportedly researcher Denis Selianin from Embedi has disclosed details about multiple vulnerabilities spotted in the ThreadX WiFi firmware. He found these vulnerabilities sometime earlier and has presented the details initially in the ZeroNights 2018 talk. As revealed, he found as much as four memory corruption flaws. Out of these, he has discussed two in detail in his blog post.
One of these vulnerabilities is block pool overflow, which he called the most interesting one. The flaw is unique in the sense that it requires zero user interaction. The vulnerability triggers every 5 minutes when the firmware scans for available networks (in case of GNU/Linux). Exploiting this vulnerability merely requires the target device powered on, even if not connected to the wireless network and does not require any Wi-Fi network name or passphrase/key as well.
The other vulnerability is a stack-based buffer overflow, about which he states,
“There’s also no binary exploitation mitigations in the Linux kernel “3.8.13-mrvl”. However, AGAIN because of the I/D-cache incoherence and/or write-back buffer deffer commit, some preparatory stages are required. Also, there’s no control over stack because of function epilogues, which pops stack pointer from stack itself.”
While he shared the technical details of the exploit in his blog, he has also shared a video demonstration.
Patches Yet To Arrive
Although, the researcher has disclosed the technicalities of the flaws. He has not yet shared any proof-of-concept for now as the firm is yet to release the patches. So, until then, users must stay vigilant regarding their device security.
ThreadX is a real-time operating system (RTOS) specifically designed for real-time, embedded, and IoT apps. The firmware runs on around 6 million devices globally, including Microsoft Surface, Samsung Chromebooks, Samsung Galaxy J1 smartphones, Valve SteamLink cast devices, and gaming consoles like PS4 and Xbox One.
