Linux users have unknowingly been exposed to a serious security flaw for almost four years. A researcher has now highlighted a critical Linux WiFi vulnerability that could allow system compromise; the bug has existed for at least four years and still awaits a patch.
Linux WiFi Vulnerability Existing For Years
Reportedly, a security vulnerability in the Linux kernel affects millions of Linux users. The bug lies in the Realtek WiFi driver (rtlwifi) and could allow an adversary within radio range to compromise the targeted system. According to its discoverer, researcher Nico Waisman, the Linux WiFi vulnerability has existed for at least four years.
Found this bug on Monday. An overflow on the linux rtlwifi driver on P2P (Wifi-Direct), while parsing Notice of Absence frames.
The bug has been around for at least 4 years https://t.co/rigXOEId29 pic.twitter.com/vlVwHbUNmf— Nico Waisman (@nicowaisman) October 17, 2019
Tracked as CVE-2019-17666, the flaw is a buffer overflow in kernel code and has been rated critical. The vulnerability description reads,
A vulnerability was found in Linux Kernel up to 5.3.6 (Operating System). It has been classified as critical. This affects the function rtl_p2p_noa_ie of the file drivers/net/wireless/realtek/rtlwifi/ps.c. The manipulation with an unknown input leads to a memory corruption vulnerability.
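To make the bug class concrete, the following is an added, simplified model of the parsing pattern behind a Notice of Absence overflow; it is written for this page and is not the rtlwifi source. A descriptor count derived from a length field in the attacker's frame drives writes into fixed-size per-interface arrays, and the only difference between the vulnerable and hardened parsers is whether that count is bounded by the table size before the copy loop. The struct layout, the value of P2P_MAX_NOA_NUM and all function names are assumptions; the 13-byte NoA descriptor format (count/type, duration, interval, start time) is from the Wi-Fi Direct specification. The sample attribute is constructed inline, not captured from a real device.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define P2P_MAX_NOA_NUM 2   /* assumption: size of the driver's fixed NoA table */
#define NOA_DESC_LEN    13  /* count/type(1) + duration(4) + interval(4) + start time(4) */
#define NOA_HDR_LEN     2   /* NoA index(1) + CTWindow/OppPS(1) precede the descriptors */

/* Simplified stand-in for the driver's per-interface P2P state (assumed layout). */
struct p2p_noa_info {
    uint8_t  noa_num, noa_index, ctwindow, noa_count_type[P2P_MAX_NOA_NUM];
    uint32_t noa_duration[P2P_MAX_NOA_NUM], noa_interval[P2P_MAX_NOA_NUM];
    uint32_t noa_start_time[P2P_MAX_NOA_NUM];
};

static uint32_t get_le32(const uint8_t *p)
{ return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24; }

static void put_le32(uint8_t *p, uint32_t v)
{ p[0] = v & 0xff; p[1] = v >> 8 & 0xff; p[2] = v >> 16 & 0xff; p[3] = v >> 24 & 0xff; }

/* attr points just past the 1-byte attribute ID:
 *   [len lo][len hi][NoA index][CTWindow/OppPS][13-byte descriptor]...
 * Returns the descriptor count the frame declares (derived entirely from
 * attacker-controlled bytes), or -1 if the length field is malformed. */
static int noa_descriptor_count(const uint8_t *attr, size_t attr_len)
{
    if (attr_len < 2) return -1;
    size_t noa_len = (size_t)attr[0] | (size_t)attr[1] << 8;
    if (noa_len < NOA_HDR_LEN || attr_len < 2 + noa_len ||
        (noa_len - NOA_HDR_LEN) % NOA_DESC_LEN != 0)
        return -1;                                  /* truncated, or not whole descriptors */
    return (int)((noa_len - NOA_HDR_LEN) / NOA_DESC_LEN);
}

/* Copies n descriptors into the fixed-size arrays; bounding n is the caller's job. */
static void noa_store(struct p2p_noa_info *info, const uint8_t *attr, int n)
{
    info->noa_index = attr[2];
    info->ctwindow  = attr[3];
    info->noa_num   = (uint8_t)n;
    for (int i = 0; i < n; i++) {
        const uint8_t *d = attr + 2 + NOA_HDR_LEN + (size_t)i * NOA_DESC_LEN;
        info->noa_count_type[i] = d[0];
        info->noa_duration[i]   = get_le32(d + 1);
        info->noa_interval[i]   = get_le32(d + 5);
        info->noa_start_time[i] = get_le32(d + 9);
    }
}

/* VULNERABLE PATTERN: the declared count is never compared with the table size,
 * so more than P2P_MAX_NOA_NUM descriptors write past the arrays. Demo only. */
static int noa_parse_unchecked(struct p2p_noa_info *info, const uint8_t *attr, size_t attr_len)
{
    int n = noa_descriptor_count(attr, attr_len);
    if (n < 0)
        return -1;
    noa_store(info, attr, n);                       /* n may exceed P2P_MAX_NOA_NUM */
    return n;
}

/* HARDENED: clamp the count to the table before copying. Rejecting the IE
 * would also do; the invariant is that the index never reaches P2P_MAX_NOA_NUM. */
static int noa_parse_checked(struct p2p_noa_info *info, const uint8_t *attr, size_t attr_len)
{
    int n = noa_descriptor_count(attr, attr_len);
    if (n < 0)
        return -1;
    if (n > P2P_MAX_NOA_NUM)
        n = P2P_MAX_NOA_NUM;
    noa_store(info, attr, n);
    return n;
}

/* Constructed input (not a captured frame): a NoA attribute declaring ndesc
 * descriptors with duration 0x1000*(i+1). Returns the number of bytes written. */
static size_t build_noa_attr(uint8_t *out, size_t cap, int ndesc)
{
    size_t noa_len = NOA_HDR_LEN + (size_t)ndesc * NOA_DESC_LEN;
    if (cap < 2 + noa_len)
        return 0;
    out[0] = (uint8_t)(noa_len & 0xff);
    out[1] = (uint8_t)(noa_len >> 8);
    out[2] = 0x01;                                  /* NoA index */
    out[3] = 0x80;                                  /* OppPS set, CTWindow 0 */
    for (int i = 0; i < ndesc; i++) {
        uint8_t *d = out + 4 + (size_t)i * NOA_DESC_LEN;
        d[0] = 0xff;                                /* count/type: continuous */
        put_le32(d + 1, 0x1000u * (uint32_t)(i + 1));
        memset(d + 5, 0, 8);                        /* interval, start time */
    }
    return 2 + noa_len;
}

int main(void)
{
    uint8_t buf[80];
    struct p2p_noa_info info = {0};
    size_t len = build_noa_attr(buf, sizeof buf, 4);    /* 4 > P2P_MAX_NOA_NUM */
    printf("declared %d, stored %d\n", noa_descriptor_count(buf, len), noa_parse_checked(&info, buf, len));
    return 0;
}
```

The point the model makes is that the existing length sanity check (the body must be a whole number of 13-byte descriptors) says nothing about how many descriptors there are, so a well-formed frame can still declare more than the table holds. When reviewing or fuzzing a parser of this shape, exercise three inputs separately: a non-multiple length, a truncated frame, and a well-formed frame that declares more entries than the destination array, since only the last one reaches the overflow.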
Describing the vulnerability, Waisman told Ars Technica,
The bug is serious. It’s a vulnerability that triggers an overflow remotely through Wi-Fi on the Linux kernel, as long as you’re using the Realtek (RTLWIFI) driver.
The researcher is still working on a proof-of-concept exploit. He believes the vulnerability could lead to remote code execution if successfully exploited.
I’m still working on exploitation… On paper, [this] is an overflow that should be exploitable. Worst-case scenario, [this] is a denial of service; best scenario, you get a shell.
Patch Underway
The vulnerability is particularly dangerous because it requires no user interaction: it can be triggered as long as WiFi is turned on. It only affects devices whose WiFi chip is driven by the Realtek rtlwifi driver, and such devices remain exposed unless WiFi is turned off. Since the bug sits in this one driver rather than in the kernel's generic WiFi stack, whether a machine is affected can be checked from its loaded kernel modules (for example with lsmod).
While the Linux kernel developers have seemingly devised a fix for this bug, it still awaits an official release to users.