Remotely exploitable vulnerability in the Linux driver for Realtek wireless chips

A vulnerability (CVE-2019-17666) has been identified in rtlwifi, the driver included in the Linux kernel for wireless adapters based on Realtek chips. It can potentially be exploited to execute code in the kernel context by sending specially crafted frames.

The vulnerability is caused by a buffer overflow in the implementation of P2P (Wi-Fi Direct) mode. When parsing NoA (Notice of Absence) frames, the size of one of the values is not checked, which makes it possible to write the tail of the data past the end of the buffer and overwrite the kernel structures that follow it.
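As an added illustration of the bug class described above (example code written for this page, not the rtlwifi driver's own code): a NoA attribute body carries a one-byte Index, a one-byte CTWindow/OppPS field and then a run of 13-byte descriptors (Count/Type, Duration, Interval, Start Time, little-endian), so a parser naturally derives the descriptor count from the attribute length. Everything else here is an assumption constructed for the demo: the state struct with its capacity of 2, the sentinel field standing in for "whatever the kernel keeps next", and the crafted attribute. The vulnerable parser trusts the derived count; the hardened one bounds it.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define P2P_MAX_NOA_NUM 2   /* assumed array capacity: the driver keeps a small fixed number */
#define NOA_DESC_LEN 13     /* Count/Type(1) + Duration(4) + Interval(4) + Start Time(4) */
#define SENTINEL 0xdeadbeefu

/* Simplified stand-in for the driver's P2P power-save state (constructed for this
 * example, not rtlwifi's own struct). trailing_state plays the part of whatever the
 * kernel keeps right after the fixed-size arrays; sizeof is 32 on usual ABIs. */
struct p2p_ps_info {
    uint32_t noa_duration[P2P_MAX_NOA_NUM];
    uint32_t noa_interval[P2P_MAX_NOA_NUM];
    uint32_t noa_start_time[P2P_MAX_NOA_NUM];
    uint8_t  noa_count_type[P2P_MAX_NOA_NUM];
    uint32_t trailing_state;
};

typedef int (*noa_parser_t)(struct p2p_ps_info *, const uint8_t *, size_t);

static uint32_t get_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

static void put_le32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Byte address of element i of a state array: base + i * element size, with no
 * regard for the array's length, which is the driver's mistake. Stores go through
 * memcpy so the spill past an array end stays well-defined, observable C in this
 * demo; the driver used plain array indexing. */
#define ELEM_AT(info, field, i) \
    ((uint8_t *)(info) + offsetof(struct p2p_ps_info, field) + (i) * sizeof((info)->field[0]))

static void copy_descriptors(struct p2p_ps_info *info, const uint8_t *d, size_t noa_num)
{
    for (size_t i = 0; i < noa_num; i++, d += NOA_DESC_LEN) {
        uint32_t dur = get_le32(d + 1), itv = get_le32(d + 5), start = get_le32(d + 9);
        *ELEM_AT(info, noa_count_type, i) = d[0];
        memcpy(ELEM_AT(info, noa_duration, i), &dur, sizeof dur);
        memcpy(ELEM_AT(info, noa_interval, i), &itv, sizeof itv);
        memcpy(ELEM_AT(info, noa_start_time, i), &start, sizeof start);
    }
}

/* Vulnerable: the descriptor count comes straight from the attribute length and is
 * never compared with the array capacity. Returns the count accepted, or -1. */
int parse_noa_vulnerable(struct p2p_ps_info *info, const uint8_t *attr, size_t len)
{
    if (len < 2 || (len - 2) % NOA_DESC_LEN != 0)   /* Index, CTWindow, then descriptors */
        return -1;
    size_t noa_num = (len - 2) / NOA_DESC_LEN;
    copy_descriptors(info, attr + 2, noa_num);
    return (int)noa_num;
}

/* Hardened: identical, plus the bound that was missing. */
int parse_noa_hardened(struct p2p_ps_info *info, const uint8_t *attr, size_t len)
{
    if (len < 2 || (len - 2) % NOA_DESC_LEN != 0)
        return -1;
    size_t noa_num = (len - 2) / NOA_DESC_LEN;
    if (noa_num > P2P_MAX_NOA_NUM)
        return -1;
    copy_descriptors(info, attr + 2, noa_num);
    return (int)noa_num;
}

/* Constructed attribute body: descriptor i carries 0x1000+i / 0x2000+i / 0x3000+i so
 * it is obvious which value landed where. Returns the body length. */
size_t build_noa_attr(uint8_t *out, size_t ndesc)
{
    out[0] = 0;  /* Index */
    out[1] = 0;  /* CTWindow / OppPS */
    uint8_t *d = out + 2;
    for (size_t i = 0; i < ndesc; i++, d += NOA_DESC_LEN) {
        d[0] = (uint8_t)(i + 1);
        put_le32(d + 1, 0x1000u + (uint32_t)i);
        put_le32(d + 5, 0x2000u + (uint32_t)i);
        put_le32(d + 9, 0x3000u + (uint32_t)i);
    }
    return 2 + ndesc * NOA_DESC_LEN;
}

/* Feed an ndesc-descriptor attribute to a parser on a fresh state (trailing_state =
 * SENTINEL). Capped at 4, the most that still lands inside this 32-byte struct;
 * more would write past the object itself. Returns the parser's verdict. */
int run_attr(noa_parser_t parse, size_t ndesc, struct p2p_ps_info *st)
{
    uint8_t buf[2 + 4 * NOA_DESC_LEN];
    if (ndesc > 4)
        ndesc = 4;
    size_t len = build_noa_attr(buf, ndesc);
    memset(st, 0, sizeof *st);
    st->trailing_state = SENTINEL;
    return parse(st, buf, len);
}

int verdict(noa_parser_t parse, size_t ndesc)
{
    struct p2p_ps_info st;
    return run_attr(parse, ndesc, &st);
}

uint32_t trailing_after(noa_parser_t parse, size_t ndesc)
{
    struct p2p_ps_info st;
    run_attr(parse, ndesc, &st);
    return st.trailing_state;
}

int main(void)
{
    struct p2p_ps_info st;
    int n = run_attr(parse_noa_vulnerable, 4, &st);
    printf("vulnerable: %d descriptors accepted, interval[0]=0x%x, trailing_state=0x%08x\n",
           n, (unsigned)st.noa_interval[0], (unsigned)st.trailing_state);
    n = run_attr(parse_noa_hardened, 4, &st);
    printf("hardened:   verdict %d, trailing_state=0x%08x\n", n, (unsigned)st.trailing_state);
    return 0;
}
```

With four descriptors the vulnerable parser reports success while descriptor 2's Duration has replaced noa_interval[0] and descriptor 3's Start Time has replaced the field after the arrays; the hardened parser rejects the same attribute and touches nothing. The demo stops at four descriptors on purpose: past that the stores leave the object entirely, which in a kernel is the crash the prototype exploit reaches. Note that the real check belongs before the first write, as here; clamping the count to the capacity instead of rejecting the frame is the other common shape of such a fix.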

The attack is carried out by sending specially crafted frames to a system with an active Realtek-based network adapter that supports Wi-Fi Direct, the technology that lets two wireless adapters connect directly without an access point. The attacker does not need to be connected to the wireless network, and no action on the part of the user is required; it is enough for the attacker to be within range of the wireless signal.

The working prototype of the exploit is so far limited to remotely crashing the kernel, but the vulnerability does not rule out code execution (this remains theoretical, since no code-execution exploit prototype exists yet, although the researcher who identified the problem is already working on one).

The problem manifests itself starting from kernel 3.12 (according to other sources, from kernel 3.10), released in 2013. The fix is currently available only as a patch; in distributions the problem remains unfixed.
The status of the fix in distributions can be followed on these pages: Debian, SUSE/openSUSE, RHEL, Ubuntu, Arch Linux, Fedora. The Android platform is probably affected as well.

Source: opennet.ru