It is reported that when a computer with Realtek Wi Fi chip is in the radio range of a malicious device, the vulnerability will trigger a buffer overflow problem in the Linux kernel. The flaw not only causes the operating system to crash, but also allows hackers to take full control of the computer. The flaw dates back to the release of 3.10.1 of the Linux kernel in 2013.
"This vulnerability is very serious," said Nico Waisman, GitHub's chief security engineer. "As long as you use the Realtek (rtlwifi) driver, this vulnerability can trigger overflow remotely through Wi Fi on the Linux kernel." The vulnerability trace is cve-2019-17666. Linux developers on Wednesday proposed a fix that is likely to be incorporated into the OS kernel in the next few days or weeks. Only after that can the patch enter various Linux distributions.
Waisman said a proof of concept attack has not been designed to execute malicious code on the affected devices. But he said: "I'm still trying to explore, which is bound to... Take some time (which, of course, may not be possible). On the surface, [this] is the overflow that should be utilized. At worst, [this] is a denial of service; at best, you get a shell. "
The study expert did not continue to study the flaw on Twitter following the opening of the vulnerability.