CVE-2019-17666: Buffer Overflow
First published: Thu Oct 17 2019(Updated: )
A flaw was found in the Linux kernel's implementation of the RealTek wireless drivers WiFi-direct (or WiFi peer-to-peer) driver implementation. When the RealTek wireless networking hardware is configured to accept WiFi-Direct or WiFi P2P connections, an attacker within the wireless network connectivity radio range can exploit a flaw in the WiFi-direct protocol known as "Notice of Absence" by creating specially crafted frames which can then corrupt kernel memory as the upper bounds on the length of the frame is unchecked and supplied by the incoming packet.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/kernel | <0:2.6.32-754.29.1.el6 | 0:2.6.32-754.29.1.el6 |
| redhat/kernel-rt | <0:3.10.0-1062.18.1.rt56.1044.el7 | 0:3.10.0-1062.18.1.rt56.1044.el7 |
| redhat/kernel-alt | <0:4.14.0-115.18.1.el7a | 0:4.14.0-115.18.1.el7a |
| redhat/kernel | <0:3.10.0-1062.18.1.el7 | 0:3.10.0-1062.18.1.el7 |
| redhat/kernel | <0:3.10.0-327.85.1.el7 | 0:3.10.0-327.85.1.el7 |
| redhat/kernel | <0:3.10.0-514.74.1.el7 | 0:3.10.0-514.74.1.el7 |
| redhat/kernel | <0:3.10.0-693.65.1.el7 | 0:3.10.0-693.65.1.el7 |
| redhat/kernel | <0:3.10.0-862.48.1.el7 | 0:3.10.0-862.48.1.el7 |
| redhat/kernel | <0:3.10.0-957.48.1.el7 | 0:3.10.0-957.48.1.el7 |
| redhat/kernel-rt | <0:4.18.0-147.5.1.rt24.98.el8_1 | 0:4.18.0-147.5.1.rt24.98.el8_1 |
| redhat/kernel | <0:4.18.0-147.5.1.el8_1 | 0:4.18.0-147.5.1.el8_1 |
| redhat/kernel | <0:4.18.0-80.16.1.el8_0 | 0:4.18.0-80.16.1.el8_0 |
| redhat/kernel-rt | <1:3.10.0-693.65.1.rt56.663.el6 | 1:3.10.0-693.65.1.rt56.663.el6 |
| Linux Linux kernel | <3.16.77 | |
| Linux Linux kernel | >=3.17<4.4.199 | |
| Linux Linux kernel | >=4.5<4.9.199 | |
| Linux Linux kernel | >=4.10<4.14.152 | |
| Linux Linux kernel | >=4.15<4.19.82 | |
| Linux Linux kernel | >=4.20<5.2 | |
| Linux Linux kernel | >=5.3<5.3.9 | |
| Debian Debian Linux | =8.0 | |
| Canonical Ubuntu Linux | =14.04 | |
| Canonical Ubuntu Linux | =16.04 | |
| Canonical Ubuntu Linux | =18.04 | |
| Canonical Ubuntu Linux | =19.04 | |
| Canonical Ubuntu Linux | =19.10 | |
| redhat/kernel | <5.3.6 | 5.3.6 |
| Google Android | ||
| IBM Data Risk Manager | <=2.0.6 | |
| debian/linux | 5.10.223-1 5.10.226-1 6.1.106-3 6.1.112-1 6.11.4-1 6.11.5-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cve.org/CVERecord?id=CVE-2019-17666 https://nvd.nist.gov/vuln/detail/CVE-2019-17666 https://arstechnica.com/information-technology/2019/10/unpatched-linux-flaw-may-let-attackers-crash-or-compromise-nearby-devices/ https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8c55dedb795be8ec0cf488f98c03a1c2176f7fb1
- https://bugzilla.redhat.com/show_bug.cgi?id=1763690
- https://access.redhat.com/errata/RHSA-2020:1524
- https://access.redhat.com/errata/RHSA-2020:0839
- https://access.redhat.com/errata/RHSA-2020:0740
- https://access.redhat.com/errata/RHSA-2020:0834
- https://access.redhat.com/errata/RHSA-2020:0661
- https://access.redhat.com/errata/RHSA-2020:1473
- https://access.redhat.com/errata/RHSA-2020:1347
- https://access.redhat.com/errata/RHSA-2020:0543
- https://access.redhat.com/errata/RHSA-2020:1465
- https://access.redhat.com/errata/RHSA-2020:0328
- https://access.redhat.com/errata/RHSA-2020:0339
- https://access.redhat.com/errata/RHSA-2020:0831
- https://access.redhat.com/errata/RHSA-2020:1353
- https://access.redhat.com/security/cve/cve-2019-17666
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00064.html
- http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00010.html
- https://arstechnica.com/information-technology/2019/10/unpatched-linux-flaw-may-let-attackers-crash-or-compromise-nearby-devices/
- https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html
- https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TRBP4O6D2SQ2NHCRHTJONGCZLWOIV5MN/
- https://lkml.org/lkml/2019/10/16/1226
- https://security.netapp.com/advisory/ntap-20191031-0005/
- https://twitter.com/nicowaisman/status/1184864519316758535
- https://usn.ubuntu.com/4183-1/
- https://usn.ubuntu.com/4184-1/
- https://usn.ubuntu.com/4185-1/
- https://usn.ubuntu.com/4186-1/
- https://usn.ubuntu.com/4186-2/
- https://launchpad.net/bugs/cve/CVE-2019-17666
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1763692
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8c55dedb795be8ec0cf488f98c03a1c2176f7fb1
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TRBP4O6D2SQ2NHCRHTJONGCZLWOIV5MN/
- https://android.googlesource.com/kernel/common/+/ee33af324931688a75bcc741f1b6cfbeb4584596
- https://source.android.com/docs/security/bulletin/2020-01-01 (Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/169487
- https://www.ibm.com/support/pages/node/6335281 (Advisory)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17666
- https://nvd.nist.gov/vuln/detail/CVE-2019-17666
- https://security-tracker.debian.org/tracker/CVE-2019-17666
- https://ubuntu.com/security/CVE-2019-17666
Parent vulnerabilities
(Appears in the following advisories)
- collector/redhat-cve
- collector/nvd-index
- agent/type
- collector/launchpad-cve
- source/Launchpad
- agent/author
- agent/severity
- agent/weakness
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2019-17666
- agent/software-canonical-lookup
- collector/nvd-cve
- source/NVD
- collector/android-source
- source/Android
- collector/ibm-support
- source/IBM
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/usn-cve
- source/Ubuntu
- collector/security-tracker-debian
- source/Debian
- agent/references
- agent/remedy
- agent/softwarecombine
- agent/description
- agent/first-publish-date
- agent/tags
- agent/event
- package-manager/redhat
- vendor/linux
- canonical/linux linux kernel
- version/linux linux kernel/3.17
- version/linux linux kernel/4.5
- version/linux linux kernel/4.10
- version/linux linux kernel/4.15
- version/linux linux kernel/4.20
- version/linux linux kernel/5.3
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/8.0
- vendor/canonical
- canonical/canonical ubuntu linux
- version/canonical ubuntu linux/14.04
- version/canonical ubuntu linux/16.04
- version/canonical ubuntu linux/18.04
- version/canonical ubuntu linux/19.04
- version/canonical ubuntu linux/19.10
- vendor/google
- canonical/google android
- vendor/ibm
- canonical/ibm data risk manager
- version/ibm data risk manager/2.0.6
- package-manager/debian