CVE-2019-17666 log

Source
Severity Critical
Remote Yes
Type Arbitrary code execution
Description
rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel before 5.3.9, 4.19.82, 4.14.152, 4.9.199, 4.4.199 lacks a certain upper-bound check, leading to a buffer overflow. An attacker is able to trigger the overflow remotely through Wi-Fi by using a power-saving feature known as a Notice of Absence when the Realtek (RTLWIFI) driver is being used on the affected host leading to arbitrary code execution.
Group Package Affected Fixed Severity Status Ticket
AVG-1066 linux-zen 5.3.8.1-1 5.3.9.1-1 Critical Fixed
AVG-1065 linux-lts 4.19.81-1 4.19.82-1 Critical Fixed
AVG-1064 linux 5.3.8.1-1 5.3.9.1-1 Critical Fixed
AVG-1063 linux-hardened 5.3.7.a-1 5.3.7.b-1 Critical Fixed
Date Advisory Group Package Severity Description
07 Nov 2019 ASA-201911-9 AVG-1063 linux-hardened Critical arbitrary code execution
13 Nov 2019 ASA-201911-12 AVG-1066 linux-zen Critical arbitrary code execution
13 Nov 2019 ASA-201911-11 AVG-1065 linux-lts Critical arbitrary code execution
13 Nov 2019 ASA-201911-10 AVG-1064 linux Critical arbitrary code execution
References
https://lkml.org/lkml/2019/10/16/1226
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8c55dedb795be8ec0cf488f98c03a1c2176f7fb1