[ASA-201911-9] linux-hardened: arbitrary code execution
Arch Linux Security Advisory ASA-201911-9 ========================================= Severity: Critical Date : 2019-11-07 CVE-ID : CVE-2019-17666 Package : linux-hardened Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-1063 Summary ======= The package linux-hardened before version 5.3.7.b-1 is vulnerable to arbitrary code execution. Resolution ========== Upgrade to 5.3.7.b-1. # pacman -Syu "linux-hardened>=5.3.7.b-1" The problem has been fixed upstream in version 5.3.7.b. Workaround ========== When Wi-Fi usage is not required, disabling it mitigates the issue. Description =========== rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel before 5.3.9, 4.19.82, 4.14.152, 4.9.199, 4.4.199 lacks a certain upper-bound check, leading to a buffer overflow. An attacker is able to trigger the overflow remotely through Wi-Fi by using a power- saving feature known as a Notice of Absence when the Realtek (RTLWIFI) driver is being used on the affected host leading to arbitrary code execution. Impact ====== A remote attacker in Wi-Fi range is able to execute arbitrary code when the Realtek (RTLWIFI) driver is being used on the affected host. References ========== https://lkml.org/lkml/2019/10/16/1226 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i... https://security.archlinux.org/CVE-2019-17666
participants (1)
-
Levente Polyak