A potentially severe vulnerability in Linux might make it attainable for nearby units to use Wi-Fi signals to crash or fully compromise vulnerable machines, a security researcher mentioned.
The flaw is situated within the RTLWIFI driver, which is used to help Realtek Wi-Fi chips in Linux gadgets. The vulnerability triggers a buffer overflow in the Linux kernel when a machine with a Realtek Wi-Fi chip is inside the radio and varies from a malicious device. At a minimal, exploits would cause a working-system crash and will possibly permit a hacker to achieve full management of the computer. The flaw dates again to version 3.10.1 of the Linux kernel launched in 2013.
The vulnerability is tracked as CVE-2019-17666. Linux builders proposed a fix that can doubtless be included in the OS kernel within the coming days or weeks. Only after that can the repair make its means into various Linux distributions.
The motive force flaw could be triggered when an affected device is inside radio range from a malicious device. So long as the Wi-Fi is turned on, it requires no interplay on the part of the top user. The malicious device exploits the vulnerability by using a power-saving characteristic often called a Discover of Absence that is constructed into Wi-Fi Direct, an ordinary that permits two units to attach over Wi-Fi without the necessity of an entry-level. The attack would work by including vendor-specific info components to Wi-Fi beacons that, when obtained by a vulnerable device, set off the buffer overflow in the Linux kernel.
The vulnerability only affects Linux devices that use a Realtek chip when Wi-Fi is turned on. The flaw cannot be triggered if Wi-Fi is turned off or if the machine makes use of a Wi-Fi chip from a unique producer. Primarily based on hyperlinks here and here, it seems that Android devices with Realtek Wi-Fi chips might also be affected.