Linux Wi-Fi bug leaves systems vulnerable to forced crashes and full control by hackers

Security bug
(Image credit: Shutterstock)

A vulnerability has been discovered in the RTLWIFI driver, which is used to support Realtek Wi-Fi chips on Linux system. A flaw in the driver could be exploited to either crash your device, or even allow an attacker to take full control of your system.

The bug has been around for at least four years, and is described as 'serious' by security experts. It has been assigned CVE-2019-17666, and while a fix has been proposed, it's yet to be incorporated into the Linux kernel.

As noted by Ars Technica, even when the patch makes its way to an updated version of the kernel, users will then need to wait for it to be included in Linux distros – and this is something that could take some time.

Remote attack

Perhaps most interestingly, the attack can be triggered remotely, with no input from the user.Any Linux device with the Realtek chip is at risk, provided Wi-Fi is turned on and it's within range of a malicious machine.

It exploits a vulnerability in a power-saving feature called Notice of Absence, which is built into Wi-Fi Direct (a standard that lets devices connect to one another without a router). An attacker could add vendor-specific information to Wi-Fi beacons, which would cause a buffer overflow in the Linux kernel when received.

As well as desktops and laptops with Linux distributions installed, it's thought that the vulnerability could also affect Android phones that have Realtek Wi-Fi chips, as Android is based on Linux.

Via Ars Technica

Sofia Elizabella Wyciślik-Wilson
Freelance writer

Sofia is a tech journalist who's been writing about software, hardware and the web for nearly 25 years – but still looks as youthful as ever! After years writing for magazines, her life moved online and remains fueled by technology, music and nature.

Having written for websites and magazines since 2000, producing a wide range of reviews, guides, tutorials, brochures, newsletters and more, she continues to write for diverse audiences, from computing newbies to advanced users and business clients. Always willing to try something new, she loves sharing new discoveries with others.

Sofia lives and breathes Windows, Android, iOS, macOS and just about anything with a power button, but her particular areas of interest include security, tweaking and privacy. Her other loves include walking, music, her two Malamutes and, of course, her wife and daughter.

You can find her on Twitter and Mastodon.