A security researcher has warned of an as-yet unpatched vulnerability in the Realtek Wi-Fi driver bundled with the Linux kernel which could allow nearby attackers to crash a target system or, potentially but not yet proven, execute arbitrary code.
Publicly disclosed late yesterday by researcher Nico Waisman via Twitter, the vulnerability in the rtlwifi driver - bundled with the Linux kernel to run Realtek Wi-Fi modules - stretches back around four years, leaving a swathe of Linux-powered devices vulnerable to attack. Successful exploitation, however, isn't straightforward: the attacker must be within range of the device, and the device must include a Realtek Wi-Fi radio which is both activated and, seemingly, configured for Wi-Fi Direct peer-to-peer operation. If all of these conditions are met, a flaw in the way the driver handles Notice of Absence packets creates a buffer overflow condition which can crash the target system - and which Waisman believes could be exploited further to execute arbitrary code.
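The class of bug described above, as an added example (not the rtlwifi driver's code and not the upstream fix): a bounds-checked parser for the body of a Wi-Fi Direct Notice of Absence attribute, which rejects a frame carrying more descriptors than the receiver's fixed-size table can hold. The 13-byte descriptor layout follows the Wi-Fi P2P specification; the two-entry table size, the struct and function names and the sample bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NOA_HDR_LEN   2  /* index(1) + CTWindow/OppPS(1) */
#define NOA_DESC_LEN 13  /* count(1) + duration(4) + interval(4) + start(4) */
#define MAX_NOA       2  /* assumed capacity of the receiver's descriptor table */

struct noa_desc  { uint8_t count; uint32_t duration, interval, start; };
struct noa_state { uint8_t index, num; struct noa_desc d[MAX_NOA]; };

/* Constructed sample inputs: one well-formed descriptor, and a body that
 * claims three descriptors (one more than the table holds). */
static const uint8_t sample_ok[15] = {
    0x01, 0x00, 0xff, 0x00, 0x10, 0x00, 0x00,
    0x00, 0x90, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00 };
static const uint8_t sample_many[NOA_HDR_LEN + 3 * NOA_DESC_LEN] = { 0x02 };

static uint32_t le32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Parse a NoA attribute body. Returns 0 on success, -1 if the body is rejected. */
int parse_noa(const uint8_t *body, size_t len, struct noa_state *out)
{
    size_t n, i;
    if (len < NOA_HDR_LEN || (len - NOA_HDR_LEN) % NOA_DESC_LEN != 0)
        return -1;               /* truncated or ragged attribute */
    n = (len - NOA_HDR_LEN) / NOA_DESC_LEN;
    if (n > MAX_NOA)
        return -1;               /* without this check the loop writes past d[] */
    memset(out, 0, sizeof(*out));
    out->index = body[0];
    out->num = (uint8_t)n;
    for (i = 0; i < n; i++) {
        const uint8_t *p = body + NOA_HDR_LEN + i * NOA_DESC_LEN;
        out->d[i].count = p[0];
        out->d[i].duration = le32(p + 1);
        out->d[i].interval = le32(p + 5);
        out->d[i].start = le32(p + 9);
    }
    return 0;
}

int main(void)
{
    struct noa_state st;
    printf("one descriptor: %d\n", parse_noa(sample_ok, sizeof(sample_ok), &st));
    printf("three descriptors: %d\n", parse_noa(sample_many, sizeof(sample_many), &st));
    return 0;
}
```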
According to coverage of the flaw by Ars Technica, Linux kernel developers were advised of the issue on Monday and by Wednesday had written a fix. It will take time, however, for the patch to be tested and accepted upstream, and still more time for it to make its way to end users across the globe.
A bigger issue stems from embedded systems which use Realtek Wi-Fi hardware, for which updates may never arrive. Thankfully, the fact that the flaw seems to appear only in Wi-Fi Direct mode should limit most users' exposure - and any devices based on non-Realtek hardware are unaffected.
February 27 2020 | 11:00