A vulnerability has been discovered in the RTLWIFI driver, which is used to support Realtek Wi-Fi chips on Linux system. A flaw in the driver could be exploited to either crash your device, or even allow an attacker to take full control of your system.
The bug has been around for at least four years, and is described as ‘serious’ by security experts. It has been assigned CVE-2019-17666, and while a fix has been proposed, it’s yet to be incorporated into the Linux kernel.
As noted by Ars Technica, even when the patch makes its way to an updated version of the kernel, users will then need to wait for it to be included in Linux distros – and this is something that could take some time.
Perhaps most interestingly, the attack can be triggered remotely, with no input from the user.Any Linux device with the Realtek chip is at risk, provided Wi-Fi is turned on and it’s within range of a malicious machine.
It exploits a vulnerability in a power-saving feature called Notice of Absence, which is built into Wi-Fi Direct (a standard that lets devices connect to one another without a router). An attacker could add vendor-specific information to Wi-Fi beacons, which would cause a buffer overflow in the Linux kernel when received.
As well as desktops and laptops with Linux distributions installed, it’s thought that the vulnerability could also affect Android phones that have Realtek Wi-Fi chips, as Android is based on Linux.
Via Ars Technica