Arch Linux Security Advisory ASA-201911-12 ========================================== Severity: Critical Date : 2019-11-13 CVE-ID : CVE-2019-17666 Package : linux-zen Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-1066 Summary ======= The package linux-zen before version 5.3.9.1-1 is vulnerable to arbitrary code execution. Resolution ========== Upgrade to 5.3.9.1-1. # pacman -Syu "linux-zen>=5.3.9.1-1" The problem has been fixed upstream in version 5.3.9.1. Workaround ========== When Wi-Fi usage is not required, disabling it mitigates the issue. Description =========== rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel before 5.3.9, 4.19.82, 4.14.152, 4.9.199, 4.4.199 lacks a certain upper-bound check, leading to a buffer overflow. An attacker is able to trigger the overflow remotely through Wi-Fi by using a power- saving feature known as a Notice of Absence when the Realtek (RTLWIFI) driver is being used on the affected host leading to arbitrary code execution. Impact ====== A remote attacker in Wi-Fi range is able to execute arbitrary code when the Realtek (RTLWIFI) driver is being used on the affected host. References ========== https://lkml.org/lkml/2019/10/16/1226 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8c55dedb795be8ec0cf488f98c03a1c2176f7fb1 https://security.archlinux.org/CVE-2019-17666