The Linux kernel has been found to contain an error, which provides hackers with the opportunity to crash devices using Realtek’s WiFi chips. In some cases, it is also possible to take over devices. The error has existed for 6 years, until now.
The vulnerability is located in the RTLWIFI driver, which is used to support Realtek WiFi chips in Linux devices. Principal security engineer Nico Waisman of GitHub told Ars Technica that the error can be triggered if an affected device is near a rogue device. If wi-fi is on, no end-user interaction is required to exploit the error.
The vulnerability creates a buffer overflow, which creates a problem with memory blocks. Programs allocate blocks of memory of a certain size, to store data which they are processing. With a buffer overflow, more data is written or read than the device can handle.
Hackers can, at the least, use the vulnerability to crash an operating system, but they could also take over full control of a device in some cases. The error affects a large number of Linux kernels, all versions after version 3.10.1 from 2013. A vulnerable device has to contain a Realtek wifi-chip, however.
According to Waisman, the vulnerability is very dangerous, although he has not yet drawn up a proof-of-concept attack in which malicious code can be executed on a vulnerable system. As a result, it is not yet clear exactly how dangerous the error is. In the meantime, a solution to the error, which is now being tracked under the code CVE-2019-17666, is already underway. Linux developers proposed the solution, which will probably soon become part of the kernel.
The solution is expected to be rolled out to various Linux distributions in the coming days or weeks.