ASA-2019-00573 – Linux kernel: Potential buffer overflow on P2P code in rtlwifi


Allele Security Alert

ASA-2019-00573

Identifier(s)

ASA-2019-00573, CVE-2019-17666

Title

Potential buffer overflow on P2P code in rtlwifi

Vendor(s)

Linux Foundation

Product(s)

Linux kernel

Affected version(s)

Linux kernel 5.3.x versions before 5.3.9
Linux kernel 4.9.x versions before 4.9.199
Linux kernel 4.4.x versions before 4.4.199
Linux kernel 4.19.x versions before 4.19.82
Linux kernel 4.14.x versions before 4.14.152

Fixed version(s)

Linux kernel version 5.3.9
Linux kernel version 4.9.199
Linux kernel version 4.4.199
Linux kernel version 4.19.82
Linux kernel version 4.14.152

Proof of concept

Unknown

Description

The function rtl_p2p_noa_ie() in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain upper-bound check, leading to a buffer overflow.

Technical details

Even though noa_len is checked for a compatible length, it’s still possible to overrun the buffers of p2pinfo since there’s no check on the upper bound of noa_num.
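The following user-space model is an added example, not the kernel's code or the upstream patch. It shows why a length that passes the divisibility check can still yield more descriptors than the destination arrays hold, and how an upper bound on noa_num closes that gap. The struct layout, the 13-byte descriptor size, the array capacity of 2 and the names parse_noa and demo are assumptions of this model.

```c
#include <stddef.h>
#include <stdint.h>

#define MAX_NOA_NUM  2   /* assumed capacity of each per-descriptor array */
#define NOA_DESC_LEN 13  /* count/type (1) + duration, interval, start time (4 each) */

struct noa_info {        /* simplified stand-in for the driver's p2pinfo */
    uint8_t  noa_num;
    uint8_t  count_type[MAX_NOA_NUM];
    uint32_t duration[MAX_NOA_NUM], interval[MAX_NOA_NUM], start_time[MAX_NOA_NUM];
    uint32_t canary;     /* sits behind the arrays so a test can spot an overrun */
};

static uint32_t rd_le32(const uint8_t *p)
{
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Parse an attribute body: 2 header bytes, then 13-byte descriptors.
 * Returns the number of descriptors stored, or -1 for an incompatible length. */
int parse_noa(const uint8_t *body, size_t noa_len, struct noa_info *out)
{
    if (noa_len < 2 || (noa_len - 2) % NOA_DESC_LEN != 0)
        return -1;                        /* length check: necessary, not sufficient */
    size_t noa_num = (noa_len - 2) / NOA_DESC_LEN;
    if (noa_num > MAX_NOA_NUM)            /* upper bound on noa_num */
        noa_num = MAX_NOA_NUM;
    for (size_t i = 0; i < noa_num; i++) {
        const uint8_t *d = body + 2 + i * NOA_DESC_LEN;
        out->count_type[i] = d[0];
        out->duration[i]   = rd_le32(d + 1);
        out->interval[i]   = rd_le32(d + 5);
        out->start_time[i] = rd_le32(d + 9);
    }
    out->noa_num = (uint8_t)noa_num;
    return (int)noa_num;
}

/* Constructed input: a zero-filled body of noa_len bytes. Returns parse_noa()'s
 * result, or -2 if the canary behind the arrays was modified. */
int demo(size_t noa_len)
{
    uint8_t body[2 + 8 * NOA_DESC_LEN] = {0};
    struct noa_info info = { .canary = 0xC0FFEEu };
    if (noa_len > sizeof(body))
        return -1;                        /* keep the model's own read in bounds */
    int stored = parse_noa(body, noa_len, &info);
    return info.canary == 0xC0FFEEu ? stored : -2;
}
```

A body of 2 + 3 * 13 = 41 bytes passes the length check and implies three descriptors; with the bound in place only two are stored and the field behind the arrays is untouched.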

Credits

Nicolas Waisman (Semmle Security Research)

Reference(s)

[PATCH] rtlwifi: Fix potential overflow on P2P code
https://lkml.org/lkml/2019/10/16/1226

rtlwifi: Fix potential overflow on P2P code
https://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers.git/commit/?id=8c55dedb795be8ec0cf488f98c03a1c2176f7fb1

Linux 5.3.9
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9

Linux 4.9.199
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.199

Linux 4.4.199
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.199

Linux 4.19.82
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.82

Linux 4.14.152
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.152

October 2019 Linux Kernel Vulnerabilities in NetApp Products
https://security.netapp.com/advisory/ntap-20191031-0005/

CVE-2019-17666 - Red Hat Customer Portal
https://access.redhat.com/security/cve/CVE-2019-17666

CVE-2019-17666 in Ubuntu
https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17666.html

CVE-2019-17666 | SUSE
https://www.suse.com/security/cve/CVE-2019-17666

CVE-2019-17666
https://security-tracker.debian.org/tracker/CVE-2019-17666

CVE-2019-17666
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17666

CVE-2019-17666
https://nvd.nist.gov/vuln/detail/CVE-2019-17666

If there is any error in this alert or you wish a comprehensive analysis, let us know.

Last modified: November 11, 2019

We are not responsible for any data loss, device corruption or any other type of issue due to the use of any information mentioned in our security alerts.