vulnerability

Oracle Linux: CVE-2019-17666: ELSA-2020-0834: kernel security, bug fix, and enhancement update (IMPORTANT) (Multiple Advisories)

Severity
7
CVSS
(AV:A/AC:L/Au:N/C:N/I:P/A:C)
Published
2019-10-18
Added
2020-02-13
Modified
2025-01-23

Description

rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel through 5.3.6 lacks a certain upper-bound check, leading to a buffer overflow.
A flaw was found in the Linux kernel's implementation of the RealTek wireless drivers WiFi-direct (or WiFi peer-to-peer) driver implementation. When the RealTek wireless networking hardware is configured to accept WiFi-Direct or WiFi P2P connections, an attacker within the wireless network connectivity radio range can exploit a flaw in the WiFi-direct protocol known as "Notice of Absence" by creating specially crafted frames which can then corrupt kernel memory as the upper bounds on the length of the frame is unchecked and supplied by the incoming packet.

Solution(s)

oracle-linux-upgrade-kerneloracle-linux-upgrade-kernel-uek
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.