Linux Wi-Fi bug leaves systems vulnerable to forced crashes and full control by hackers

Security bug
(Image credit: Shutterstock)
Audio player loading…

A vulnerability has been discovered in the RTLWIFI driver, which is used to support Realtek Wi-Fi chips on Linux system. A flaw in the driver could be exploited to either crash your device, or even allow an attacker to take full control of your system.

The bug has been around for at least four years, and is described as 'serious' by security experts. It has been assigned CVE-2019-17666 (opens in new tab), and while a fix has been proposed (opens in new tab), it's yet to be incorporated into the Linux kernel.

As noted by Ars Technica (opens in new tab), even when the patch makes its way to an updated version of the kernel, users will then need to wait for it to be included in Linux distros – and this is something that could take some time.

Remote attack

Perhaps most interestingly, the attack can be triggered remotely, with no input from the user.Any Linux device with the Realtek chip is at risk, provided Wi-Fi is turned on and it's within range of a malicious machine.

It exploits a vulnerability in a power-saving feature called Notice of Absence, which is built into Wi-Fi Direct (a standard that lets devices connect to one another without a router). An attacker could add vendor-specific information to Wi-Fi beacons, which would cause a buffer overflow in the Linux kernel when received.

As well as desktops and laptops with Linux distributions installed, it's thought that the vulnerability could also affect Android phones that have Realtek Wi-Fi chips, as Android is based on Linux.

Via Ars Technica (opens in new tab)

Sofia is a tech journalist who's been writing about software, hardware and the web for nearly 20 years – but still looks as youthful as ever! After years writing for magazines, her life moved online and remains fueled by technology, music and nature.

Having written for websites and magazines since 2000, producing a wide range of reviews, guides, tutorials, brochures, newsletters and more, she continues to write for diverse audiences, from computing newbies to advanced users and business clients. Always willing to try something new, she loves sharing new discoveries with others.

Sofia lives and breathes Windows, Android, iOS, macOS and just about anything with a power button, but her particular areas of interest include security, tweaking and privacy. Her other loves include walking, music, her two Malamutes and, of course, her wife and daughter.

You can find her on Facebook (opens in new tab), Twitter (opens in new tab) and Mastodon (opens in new tab)

- (opens in new tab)