Kernel 5.3.9 And Other Stable Series Linux Kernels Are Released With Important Realtek Wifi Vulnerability Fix

From LinuxReviews

Wifi chips from Taiwanese Realtek are found in near-zero consumer laptops and a lot of the dirt-cheapest routers and USB networking dongles. They use a Linux kernel driver called rtlwifi which, up to now, had a slight buffer overflow problem which could potentially be (ab)used to run arbitrary code on any Linux-based computer with Realtek wireless networking enabled. No proof of concept or other exploits exist. You should probably upgrade your kernel regardless if you are using a Realtek-based wifi device running a Linux kernel.

A Linksys LGS308 networking switch. It is not a wifi router and it has no Realtek chip, but it is networking gear and zoomers can't tell the difference.

The new stable Linux kernels 5.3.9, 4.19.82, 4.14.152, 4.9.199 and 4.4.199 all have some patches by Laura Abbott and Larry Finger which fix this Realtek-specific vulnerability, which went unnoticed for six years before it was finally fixed this week. The flaw, discovered by Nico Waisman, is in the code which handles Wi-Fi Direct. Sending the right kind of wifi packets to a Linux-based router or computer using the Linux kernel's rtlwifi driver is enough to cause a buffer overflow in the kernel which can be used to overwrite memory with potentially evil code. Actually exploiting this in a way that makes code placed in memory in this fashion execute is no easy feat. Causing a crash is more trivial.

You may want to keep an eye out for updated firmware if you have a router with a Realtek wifi chip and it's running a Linux kernel which uses rtlwifi to power it. Wifi routers are the main concern; laptops with Realtek Wifi chips built into them are rare.

Do note that you do not need to panic if you do have a Realtek-based router or USB dongle. There are plenty of other attacks that are way simpler if someone hell-bent on doing you harm is close enough to exploit a vulnerability in your Wifi router's kernel using short-range radio waves. Smashing it with a hammer would easily destroy it, and that's much quicker than trying to create and send a special kind of wifi packet which would cause a buffer overflow and crash it or, ideally, execute code. None of those things are possible over the Internet; the attacker would have to be local, so this is almost a non-issue.

The rest of the changelogs for these new kernels are dull and not at all interesting. You may want to upgrade regardless just because newer kernels are available, but there's no real reason to do so if you do not have a Realtek wifi device.
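
A quick check for the upgrade advice above, as an added example that is not part of the original article: it compares a kernel release string against the fixed stable releases listed here and looks for the rtlwifi module in a `/proc/modules`-style listing. It assumes upstream kernel.org version numbers, and the function names are illustrative.

```shell
#!/bin/sh
# Added example, not from the article or the kernel project.
# Assumption: upstream kernel.org version numbers. Distribution kernels often
# backport fixes without changing the version, so treat the result as a hint
# and confirm against the vendor's advisory.

# Print "fixed", "needs-upgrade" or "series-not-listed" for a kernel release
# string, using only the fixed stable releases the article names.
rtlwifi_fix_status() {
    ver=${1%%-*}                                  # drop "-generic", "-rc1", ...
    series=$(printf '%s' "$ver" | cut -d. -f1,2)
    patch=$(printf '%s' "$ver" | cut -d. -f3 | sed 's/[^0-9].*//')
    patch=${patch:-0}                             # "5.3" counts as 5.3.0
    case "$series" in
        5.3)  need=9 ;;
        4.19) need=82 ;;
        4.14) need=152 ;;
        4.9)  need=199 ;;
        4.4)  need=199 ;;
        *)    echo "series-not-listed"; return 0 ;;  # article gives no data
    esac
    if [ "$patch" -ge "$need" ]; then echo "fixed"; else echo "needs-upgrade"; fi
}

# Succeed if the rtlwifi core module appears in a /proc/modules-format file.
# A driver built into the kernel image does not show up there.
rtlwifi_loaded() {
    [ -r "$1" ] && grep -q '^rtlwifi ' "$1"
}

# Combine both checks into one line: rtlwifi=<loaded|absent> kernel=<status>
rtlwifi_assess() {
    if rtlwifi_loaded "$2"; then drv=loaded; else drv=absent; fi
    echo "rtlwifi=$drv kernel=$(rtlwifi_fix_status "$1")"
}

# Report on the running system.
rtlwifi_assess "$(uname -r)" /proc/modules
```

A result of `rtlwifi=loaded kernel=needs-upgrade` is the case the article's upgrade advice is aimed at; `series-not-listed` means the article names no fixed release for that kernel series.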