ASA-201911-11 log generated external raw

[ASA-201911-11] linux-lts: arbitrary code execution
Arch Linux Security Advisory ASA-201911-11 ========================================== Severity: Critical Date : 2019-11-13 CVE-ID : CVE-2019-17666 Package : linux-lts Type : arbitrary code execution Remote : Yes Link : Summary ======= The package linux-lts before version 4.19.82-1 is vulnerable to arbitrary code execution. Resolution ========== Upgrade to 4.19.82-1. # pacman -Syu "linux-lts>=4.19.82-1" The problem has been fixed upstream in version 4.19.82. Workaround ========== When Wi-Fi usage is not required, disabling it mitigates the issue. Description =========== rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel before 5.3.9, 4.19.82, 4.14.152, 4.9.199, 4.4.199 lacks a certain upper-bound check, leading to a buffer overflow. An attacker is able to trigger the overflow remotely through Wi-Fi by using a power- saving feature known as a Notice of Absence when the Realtek (RTLWIFI) driver is being used on the affected host leading to arbitrary code execution. Impact ====== A remote attacker in Wi-Fi range is able to execute arbitrary code when the Realtek (RTLWIFI) driver is being used on the affected host. References ==========