CVE-2019-17666

Name of the Vulnerable Software and Affected Versions Linux kernel versions through 5.3.6

Description The issue is related to a buffer overflow in the rtl p2p noa ie function in the Linux kernel's rtlwifi driver. This vulnerability can be exploited remotely, allowing an attacker to access confidential data, compromise its integrity, and cause a denial of service. The vulnerability is associated with a lack of a certain upper-bound check, leading to a buffer overflow. It can be exploited by sending specially crafted frames, potentially allowing code execution in the context of the kernel.

Recommendations For Linux kernel versions through 5.3.6, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the rtlwifi driver to minimize the risk of exploitation. Avoid using the rtl p2p noa ie function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability, but a patch has been proposed by Nicolas Waisman, a security engineer at GitHub.