CVE-2019-17666 log
| Source |
|
| Severity | Critical |
| Remote | Yes |
| Type | Arbitrary code execution |
| Description | rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel before 5.3.9, 4.19.82, 4.14.152, 4.9.199, 4.4.199 lacks a certain upper-bound check, leading to a buffer overflow. An attacker is able to trigger the overflow remotely through Wi-Fi by using a power-saving feature known as a Notice of Absence when the Realtek (RTLWIFI) driver is being used on the affected host leading to arbitrary code execution. |
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-1066 | linux-zen | 5.3.8.1-1 | 5.3.9.1-1 | Critical | Fixed | |
| AVG-1065 | linux-lts | 4.19.81-1 | 4.19.82-1 | Critical | Fixed | |
| AVG-1064 | linux | 5.3.8.1-1 | 5.3.9.1-1 | Critical | Fixed | |
| AVG-1063 | linux-hardened | 5.3.7.a-1 | 5.3.7.b-1 | Critical | Fixed |
| Date | Advisory | Group | Package | Severity | Type |
|---|---|---|---|---|---|
| 07 Nov 2019 | ASA-201911-9 | AVG-1063 | linux-hardened | Critical | arbitrary code execution |
| 13 Nov 2019 | ASA-201911-12 | AVG-1066 | linux-zen | Critical | arbitrary code execution |
| 13 Nov 2019 | ASA-201911-11 | AVG-1065 | linux-lts | Critical | arbitrary code execution |
| 13 Nov 2019 | ASA-201911-10 | AVG-1064 | linux | Critical | arbitrary code execution |
| References |
|---|
https://lkml.org/lkml/2019/10/16/1226 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8c55dedb795be8ec0cf488f98c03a1c2176f7fb1 |