CVE-2019-17666 log

Severity Critical
Remote Yes
Type Arbitrary code execution
rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel before 5.3.9, 4.19.82, 4.14.152, 4.9.199, 4.4.199 lacks a certain upper-bound check, leading to a buffer overflow. An attacker is able to trigger the overflow remotely through Wi-Fi by using a power-saving feature known as a Notice of Absence when the Realtek (RTLWIFI) driver is being used on the affected host leading to arbitrary code execution.
Group Package Affected Fixed Severity Status Ticket
AVG-1066 linux-zen Critical Fixed
AVG-1065 linux-lts 4.19.81-1 4.19.82-1 Critical Fixed
AVG-1064 linux Critical Fixed
AVG-1063 linux-hardened 5.3.7.a-1 5.3.7.b-1 Critical Fixed
Date Advisory Group Package Severity Type
07 Nov 2019 ASA-201911-9 AVG-1063 linux-hardened Critical arbitrary code execution
13 Nov 2019 ASA-201911-12 AVG-1066 linux-zen Critical arbitrary code execution
13 Nov 2019 ASA-201911-11 AVG-1065 linux-lts Critical arbitrary code execution
13 Nov 2019 ASA-201911-10 AVG-1064 linux Critical arbitrary code execution