Bug 1763690 (CVE-2019-17666)
| Field | Value |
|---|---|
| Summary | CVE-2019-17666 kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain upper-bound check, leading to a buffer overflow |
| Product | [Other] Security Response |
| Reporter | Marian Rehak <mrehak> |
| Component | vulnerability |
| Assignee | Red Hat Product Security <security-response-team> |
| Status | CLOSED ERRATA |
| Severity | high |
| Priority | high |
| Version | unspecified |
| CC | acaringi, airlied, asavkov, bdettelb, bhu, blc, brdeoliv, bskeggs, dhoward, dvlasenk, esammons, fhrbata, hdegoede, hkrzesin, iboverma, ichavero, itamar, jarodwilson, jeremy, jforbes, jglisse, jlelli, joe.lawrence, john.j5live, jonathan, josef, jpoimboe, jross, jschorr, jshortt, jstancek, jthierry, jwboyer, kernel-maint, kernel-mgr, labbott, lgoncalv, linville, masami256, matt, mchehab, mcressma, mjg59, mlangsdo, mmilgram, nmurray, plougher, pmatouse, rhandlin, rtillery, rt-maint, rvrbovsk, steved, williams, wmealing, ycote |
| Target Milestone | --- |
| Keywords | Security |
| Target Release | --- |
| Hardware | All |
| OS | Linux |
| Fixed In Version | kernel 5.3.6 |
| Doc Type | If docs needed, set a value |
| Doc Text | A flaw was found in the Linux kernel's RealTek wireless driver implementation of WiFi-Direct (or WiFi peer-to-peer). When the RealTek wireless networking hardware is configured to accept WiFi-Direct or WiFi P2P connections, an attacker within radio range of the wireless network can exploit a flaw in the WiFi-Direct protocol known as "Notice of Absence" by creating specially crafted frames. These frames can corrupt kernel memory because the upper bound on the length of the frame is unchecked and is supplied by the incoming packet. |
| Story Points | --- |
| Last Closed | 2020-02-04 14:09:35 UTC |
| Type | --- |
| Regression | --- |
| Mount Type | --- |
| Documentation | --- |
| Category | --- |
| oVirt Team | --- |
| Cloudforms Team | --- |
| Bug Depends On | 1763692, 1775221, 1775222, 1775223, 1775225, 1775226, 1775227, 1775228, 1775229, 1775230, 1775231, 1775232, 1775233, 1775235, 1775236, 1775237, 1775238, 1775239, 1775240, 1775241, 1775242, 1775243, 1775244, 1775261, 1789842, 1809607 |
| Bug Blocks | 1763694 |

Description
Marian Rehak
2019-10-21 11:16:21 UTC
Created kernel tracking bugs for this issue:

  Affects: fedora-all [bug 1763692]

External References:

  https://arstechnica.com/information-technology/2019/10/unpatched-linux-flaw-may-let-attackers-crash-or-compromise-nearby-devices/

  https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8c55dedb795be8ec0cf488f98c03a1c2176f7fb1

Hello! The information seems to check out, thank you very much for this improvement!

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2020:0328 https://access.redhat.com/errata/RHSA-2020:0328

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2020:0339 https://access.redhat.com/errata/RHSA-2020:0339

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

  https://access.redhat.com/security/cve/cve-2019-17666

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.5 Extended Update Support

Via RHSA-2020:0543 https://access.redhat.com/errata/RHSA-2020:0543

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.2 Advanced Update Support

Via RHSA-2020:0661 https://access.redhat.com/errata/RHSA-2020:0661

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2020:0740 https://access.redhat.com/errata/RHSA-2020:0740

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions

Via RHSA-2020:0831 https://access.redhat.com/errata/RHSA-2020:0831

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2020:0834 https://access.redhat.com/errata/RHSA-2020:0834

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2020:0839 https://access.redhat.com/errata/RHSA-2020:0839

This issue has been addressed in the following products:

  Red Hat Enterprise MRG 2

Via RHSA-2020:1353 https://access.redhat.com/errata/RHSA-2020:1353

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.4 Advanced Update Support
  Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 7.4 Telco Extended Update Support

Via RHSA-2020:1347 https://access.redhat.com/errata/RHSA-2020:1347

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.3 Advanced Update Support
  Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions
  Red Hat Enterprise Linux 7.3 Telco Extended Update Support

Via RHSA-2020:1473 https://access.redhat.com/errata/RHSA-2020:1473

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.6 Extended Update Support

Via RHSA-2020:1465 https://access.redhat.com/errata/RHSA-2020:1465

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2020:1524 https://access.redhat.com/errata/RHSA-2020:1524
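
The missing upper-bound check that the Doc Text describes, shown as an added example (not code from the kernel or from this bug report): a bounded parser for a Notice of Absence attribute body. The struct and function names and the table capacity of 2 are assumptions made for illustration; the 13-byte descriptor layout follows the Wi-Fi P2P specification.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical names and sizes for illustration; not the rtlwifi source. */
#define NOA_HDR_LEN  2   /* index byte + CTWindow/OppPS byte */
#define NOA_DESC_LEN 13  /* count(1) + duration(4) + interval(4) + start(4) */
#define MAX_NOA_DESC 2   /* assumed capacity of the driver-side table */
struct noa_desc  { uint8_t count; uint32_t duration, interval, start; };
struct noa_state { uint8_t index, num; struct noa_desc d[MAX_NOA_DESC]; };

static uint32_t le32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Descriptor count implied by the sender's length field alone: the value a
 * parser without an upper bound would use as its loop limit. */
size_t noa_claimed_count(uint16_t attr_len)
{
    return attr_len < NOA_HDR_LEN ? 0 : (attr_len - NOA_HDR_LEN) / NOA_DESC_LEN;
}

/* Parse an attribute body (the bytes after the id/length header).
 * Returns the number of descriptors stored, or -1 on an inconsistent length. */
int noa_parse(const uint8_t *body, size_t avail, uint16_t attr_len,
              struct noa_state *out)
{
    if (attr_len < NOA_HDR_LEN || attr_len > avail)
        return -1;                    /* length field exceeds bytes received */
    if ((attr_len - NOA_HDR_LEN) % NOA_DESC_LEN)
        return -1;                    /* trailing partial descriptor */
    size_t n = noa_claimed_count(attr_len);
    if (n > MAX_NOA_DESC)
        n = MAX_NOA_DESC;             /* the upper-bound check on the table */
    memset(out, 0, sizeof(*out));
    out->index = body[0];
    for (size_t i = 0; i < n; i++) {
        const uint8_t *p = body + NOA_HDR_LEN + i * NOA_DESC_LEN;
        out->d[i] = (struct noa_desc){ p[0], le32(p + 1), le32(p + 5), le32(p + 9) };
    }
    out->num = (uint8_t)n;
    return (int)n;
}

/* Constructed sample: a body whose length field announces 5 descriptors. */
int noa_demo(void)
{
    uint8_t body[NOA_HDR_LEN + 5 * NOA_DESC_LEN] = { 7 };  /* index 7, rest 0 */
    struct noa_state st;
    return noa_parse(body, sizeof(body), (uint16_t)sizeof(body), &st);
}
```

Without the clamp, the loop would write five 13-byte descriptors into a table sized for two, which is the kernel memory corruption the Doc Text refers to.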