According to a security researcher, Senior Engineer at Github, there is a bug in Linux that could allow devices close to us to use WiFi signals to block or compromise vulnerable equipment. The security flaw is present in the RTLWIFI driver, used to support Realtek WiFi chips in devices running Linux operating systems. Worst of all, we don't have to do anything for a malicious user to exploit the vulnerability, just meet certain requirements.
The bug triggers a buffer overload in the Linux kernel when a computer with a Realtek WiFi chip is within range of a malicious device. In the best case scenario, the exploit would cause the operating system to crash, but it could also allow an attacker to gain full control of the computer. In theory. The most worrying thing is that the fault is uncorrected since it was discovered in 2013, when the most up-to-date kernel was Linux 3.10.1.
A bug present in Linux since 2013
The bug is being tracked under the name CVE-2019-17666 and, six years later, it is already has proposed a patch to correct it, last Wednesday to be exact. It is expected that said patch will be included in the Linux kernel in the next few days, but they have not made clear if this would mean that the bug would be corrected with the launch of Linux 5.4 It will take place in late November or early December.
But if anyone is concerned about this flaw, it is likely that it was not taken too seriously for a reason: Nico Waisman, a security researcher, says that has yet to get a proof of concept in which the vulnerability is exploited to execute malicious code, so they are still talking about something theoretical. On the other hand, Waisman says that «the failure is serious'So it's best to stop it before someone gets from theory to practice.
“I'm still working on the farm, and it will definitely… take some time (of course it might not be possible). On paper, it's an overflow that should be exploitable. At worst, it is a denial of service; best case scenario, you get a shell. '
Only devices with a Realtek chip are affected
Vulnerability can be activated when an affected device is within radius from a malicious device, as long as the WiFi is activated, and does not require interaction from the end user, that is, us. The malicious device exploits the vulnerability by using the power-saving feature known as "Notice of Abscence" that includes Wi-Fi Direct, a standard that allows two devices to connect via WiFi without the need for a access point. The attack will work if vendor-specific information items are added to the WiFi beacons. When a vulnerable machine receives them, it triggers the Linux kernel buffer overload.
This bug only affects devices that use Linux operating systems and a Realtek chip when WiFi is on. If we use a Wi-Fi chip from another manufacturer or we have it turned off, something that is worth it if we connect only via Ethernet and we do not have other equipment with which to communicate on the same network, they will not be able to activate the fault and overload.
At the moment, no one from Realtek or Google has come up with a statement that could reassure us (or worry us), so the actual severity of the failure is unknown. The only certainty is that six years is a long time for a vulnerability present in the Linux kernel. That and that the security flaws that can be exploited remotely must be addressed as soon as possible, so that sooner rather than later there will be a new version of the Realtek driver for Linux that corrects this flaw. Hopefully soon.