Linux systems have been reported to be susceptible to a flaw that could allow attackers to gain control of a machine through the WiFi signals of a nearby device.
The report was credited to Nico Waisman of GitHub Security Lab, who disclosed the new vulnerability, which affects the Linux kernel starting from version 3.10.1, released in 2013. It works by adding vendor-specific data elements to WiFi beacons; once a vulnerable device receives such a beacon, the malformed element triggers a buffer overflow in the Linux kernel.
The vulnerability is tracked as CVE-2019-17666: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel through 5.3.6 lacks an upper-bound check, leading to a buffer overflow. It stems from the RTLWIFI driver, which supports Realtek WiFi chips in several Linux systems, and the flaw is triggered once the device is brought within radio range of a malicious device.
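The flaw described above is a missing upper-bound check while parsing the Notice of Absence (NoA) attribute that a P2P vendor-specific element carries in a beacon: the attribute's length is attacker-controlled, so the number of descriptors it declares can exceed the fixed-size table the driver copies them into. The following is an added illustration of what such a parser must check, written for this page; it is not the kernel's rtlwifi code. The attribute layout (an index byte, a CTWindow byte, then 13-byte descriptors) follows the Wi-Fi Direct NoA attribute format, while the constant names (P2P_ATTR_NOA, P2P_MAX_NOA_NUM), the struct definitions, the table capacity of 2 and the sample beacon bytes are assumptions made for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Assumed layout for this example (not the kernel's definitions). */
#define P2P_ATTR_NOA     12  /* P2P attribute ID of Notice of Absence */
#define NOA_HDR_LEN       2  /* index byte + CTWindow/OppPS byte */
#define NOA_DESC_LEN     13  /* count(1) + duration(4) + interval(4) + start(4) */
#define P2P_MAX_NOA_NUM   2  /* capacity of the fixed-size descriptor table (assumed) */

struct noa_desc {
    uint8_t  count;
    uint32_t duration;
    uint32_t interval;
    uint32_t start_time;
};

struct p2p_info {
    uint8_t noa_index;
    uint8_t ctwindow;
    int     noa_num;
    struct noa_desc noa[P2P_MAX_NOA_NUM]; /* what an unchecked count would overrun */
};

static uint32_t le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Parse one NoA attribute body. Returns the number of descriptors stored, or -1
 * if the body is malformed or declares more descriptors than the table holds. */
int parse_noa_attr(const uint8_t *body, size_t len, struct p2p_info *info)
{
    if (len < NOA_HDR_LEN || (len - NOA_HDR_LEN) % NOA_DESC_LEN != 0)
        return -1;
    size_t n = (len - NOA_HDR_LEN) / NOA_DESC_LEN;
    /* The upper-bound check: n is derived from a length the sender chooses.
     * Without this line the copy loop below would write past info->noa[]. */
    if (n > P2P_MAX_NOA_NUM)
        return -1;
    info->noa_index = body[0];
    info->ctwindow  = body[1];
    info->noa_num   = (int)n;
    for (size_t i = 0; i < n; i++) {
        const uint8_t *d = body + NOA_HDR_LEN + i * NOA_DESC_LEN;
        info->noa[i].count      = d[0];
        info->noa[i].duration   = le32(d + 1);
        info->noa[i].interval   = le32(d + 5);
        info->noa[i].start_time = le32(d + 9);
    }
    return (int)n;
}

/* Walk the P2P attribute list inside a vendor-specific element. Each attribute is
 * a 1-byte ID, a 2-byte little-endian length and a body. Returns the number of NoA
 * descriptors stored, 0 if no NoA attribute is present, or -1 on a malformed list. */
int parse_p2p_attrs(const uint8_t *attrs, size_t len, struct p2p_info *info)
{
    size_t off = 0;
    int stored = 0;
    while (off + 3 <= len) {
        uint8_t id   = attrs[off];
        size_t  alen = (size_t)attrs[off + 1] | ((size_t)attrs[off + 2] << 8);
        off += 3;
        if (alen > len - off)          /* attribute claims bytes the element lacks */
            return -1;
        if (id == P2P_ATTR_NOA) {
            stored = parse_noa_attr(attrs + off, alen, info);
            if (stored < 0)
                return -1;
        }
        off += alen;
    }
    return off == len ? stored : -1;   /* trailing partial header is also malformed */
}

/* Build a constructed attribute list with one NoA attribute holding ndesc descriptors.
 * Returns the number of bytes written, or 0 if the buffer is too small. */
size_t build_noa_attrs(uint8_t *buf, size_t cap, int ndesc)
{
    size_t body = NOA_HDR_LEN + (size_t)ndesc * NOA_DESC_LEN;
    if (3 + body > cap)
        return 0;
    buf[0] = P2P_ATTR_NOA;
    buf[1] = (uint8_t)(body & 0xff);
    buf[2] = (uint8_t)(body >> 8);
    buf[3] = 0;     /* NoA index */
    buf[4] = 0x80;  /* OppPS set, CTWindow 0 */
    for (int i = 0; i < ndesc; i++) {
        uint8_t *d = buf + 5 + (size_t)i * NOA_DESC_LEN;
        memset(d, 0, NOA_DESC_LEN);
        d[0] = 255;  /* count 255 = continuous */
        d[1] = 10;   /* duration 10, interval 100, start time 1 (constructed values) */
        d[5] = 100;
        d[9] = 1;
    }
    return 3 + body;
}

/* Build a list with ndesc descriptors, optionally drop trailing bytes, and parse it. */
int roundtrip(int ndesc, size_t truncate_by)
{
    uint8_t buf[256];
    struct p2p_info info;
    memset(&info, 0, sizeof info);
    size_t n = build_noa_attrs(buf, sizeof buf, ndesc);
    if (n == 0 || truncate_by > n)
        return -1;
    return parse_p2p_attrs(buf, n - truncate_by, &info);
}

int main(void)
{
    printf("1 descriptor:  %d\n", roundtrip(1, 0));  /* stored */
    printf("3 descriptors: %d\n", roundtrip(3, 0));  /* rejected: exceeds table */
    printf("truncated:     %d\n", roundtrip(1, 4));  /* rejected: length overruns element */
    return 0;
}
```

The two checks are the ones a defender would look for when reviewing any over-the-air parser: the declared attribute length must fit inside the bytes actually received, and the element count derived from it must fit the destination buffer. Both inputs come from a radio frame anyone in range can send, so neither can be trusted.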
"Found this bug on Monday. An overflow on the linux rtlwifi driver on P2P (Wifi-Direct), while parsing Notice of Absence frames. The bug has been around for at least 4 years https://t.co/rigXOEId29 pic.twitter.com/vlVwHbUNmf"
— Nico Waisman (@nicowaisman) October 17, 2019
However, Waisman is still studying exploitation of the flaw and working on a proof-of-concept attack that could be executed against a vulnerable machine.
The developers have proposed a fix, which is expected to be released for the kernel within a few days and then rolled out to the various Linux distributions.