Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 1763690 (CVE-2019-17666) - CVE-2019-17666 kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain upper-bound check, leading to a buffer overflow
Summary: CVE-2019-17666 kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2019-17666
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1763692 1775221 1775222 1775223 1775225 1775226 1775227 1775228 1775229 1775230 1775231 1775232 1775233 1775235 1775236 1775237 1775238 1775239 1775240 1775241 1775242 1775243 1775244 1775261 1789842 1809607
Blocks:
TreeView+ depends on / blocked
 
Reported: 2019-10-21 11:16 UTC by Marian Rehak
Modified: 2023-09-07 20:49 UTC (History)
56 users (show)

Fixed In Version: kernel 5.3.6
Clone Of:
Environment:
Last Closed: 2020-02-04 14:09:35 UTC
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2020:0455 0 None None None 2020-02-10 01:49:02 UTC
Red Hat Product Errata RHBA-2020:0554 0 None None None 2020-02-19 21:45:09 UTC
Red Hat Product Errata RHBA-2020:0890 0 None None None 2020-03-18 07:42:23 UTC
Red Hat Product Errata RHBA-2020:0894 0 None None None 2020-03-18 15:16:49 UTC
Red Hat Product Errata RHBA-2020:0900 0 None None None 2020-03-19 09:34:38 UTC
Red Hat Product Errata RHBA-2020:1430 0 None None None 2020-04-14 08:23:38 UTC
Red Hat Product Errata RHBA-2020:1431 0 None None None 2020-04-14 08:15:24 UTC
Red Hat Product Errata RHBA-2020:1432 0 None None None 2020-04-14 08:15:33 UTC
Red Hat Product Errata RHSA-2020:0328 0 None None None 2020-02-04 08:52:10 UTC
Red Hat Product Errata RHSA-2020:0339 0 None None None 2020-02-04 13:12:06 UTC
Red Hat Product Errata RHSA-2020:0543 0 None None None 2020-02-18 14:43:50 UTC
Red Hat Product Errata RHSA-2020:0661 0 None None None 2020-03-03 10:04:20 UTC
Red Hat Product Errata RHSA-2020:0740 0 None None None 2020-03-09 14:31:57 UTC
Red Hat Product Errata RHSA-2020:0831 0 None None None 2020-03-17 10:38:02 UTC
Red Hat Product Errata RHSA-2020:0834 0 None None None 2020-03-17 16:16:46 UTC
Red Hat Product Errata RHSA-2020:0839 0 None None None 2020-03-17 16:17:54 UTC
Red Hat Product Errata RHSA-2020:1347 0 None None None 2020-04-07 09:33:55 UTC
Red Hat Product Errata RHSA-2020:1353 0 None None None 2020-04-07 09:16:45 UTC
Red Hat Product Errata RHSA-2020:1465 0 None None None 2020-04-14 17:40:25 UTC
Red Hat Product Errata RHSA-2020:1473 0 None None None 2020-04-14 14:52:08 UTC
Red Hat Product Errata RHSA-2020:1524 0 None None None 2020-04-22 07:35:14 UTC

Description Marian Rehak 2019-10-21 11:16:21 UTC
A flaw was found in the Linux kernels implementation of RealTek wireless drivers Wifi-direct (or wifi peer-to-peer) driver implementation.  

When the RealTek wireless networking hardware. is configured to accept Wifi-Direct (or Wifi P2P) connections an attacker within wireless network connectivity radio range is able to exploit a flaw in the Wifi-direct protocol known as "Notice of Absense" by creating specially crafted frames which can corrupt kernel memory as the upper bounds on the lenth of the frame is unchecked and supplied by the incoming packet.

At this time, Red Hat Enterprise Linux 6 and 7 and 8 do not enable Wifi-Direct by default, but a privileged user can use standard command line tooling available to enable this feature allowing it to be attacked.

Comment 1 Marian Rehak 2019-10-21 11:16:42 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1763692]

Comment 11 Marian Rehak 2019-11-25 13:08:19 UTC
Hello!

The information seems to check out, thank you very much for this improvement!

Comment 14 errata-xmlrpc 2020-02-04 08:52:05 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2020:0328 https://access.redhat.com/errata/RHSA-2020:0328

Comment 15 errata-xmlrpc 2020-02-04 13:12:02 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2020:0339 https://access.redhat.com/errata/RHSA-2020:0339

Comment 16 Product Security DevOps Team 2020-02-04 14:09:35 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2019-17666

Comment 18 errata-xmlrpc 2020-02-18 14:43:46 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.5 Extended Update Support

Via RHSA-2020:0543 https://access.redhat.com/errata/RHSA-2020:0543

Comment 20 errata-xmlrpc 2020-03-03 10:04:16 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.2 Advanced Update Support

Via RHSA-2020:0661 https://access.redhat.com/errata/RHSA-2020:0661

Comment 23 errata-xmlrpc 2020-03-09 14:31:54 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2020:0740 https://access.redhat.com/errata/RHSA-2020:0740

Comment 24 errata-xmlrpc 2020-03-17 10:37:57 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions

Via RHSA-2020:0831 https://access.redhat.com/errata/RHSA-2020:0831

Comment 25 errata-xmlrpc 2020-03-17 16:16:42 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2020:0834 https://access.redhat.com/errata/RHSA-2020:0834

Comment 26 errata-xmlrpc 2020-03-17 16:17:49 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2020:0839 https://access.redhat.com/errata/RHSA-2020:0839

Comment 28 errata-xmlrpc 2020-04-07 09:16:37 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise MRG 2

Via RHSA-2020:1353 https://access.redhat.com/errata/RHSA-2020:1353

Comment 29 errata-xmlrpc 2020-04-07 09:33:47 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.4 Advanced Update Support
  Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 7.4 Telco Extended Update Support

Via RHSA-2020:1347 https://access.redhat.com/errata/RHSA-2020:1347

Comment 30 errata-xmlrpc 2020-04-14 14:52:05 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.3 Advanced Update Support
  Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions
  Red Hat Enterprise Linux 7.3 Telco Extended Update Support

Via RHSA-2020:1473 https://access.redhat.com/errata/RHSA-2020:1473

Comment 31 errata-xmlrpc 2020-04-14 17:40:22 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.6 Extended Update Support

Via RHSA-2020:1465 https://access.redhat.com/errata/RHSA-2020:1465

Comment 33 errata-xmlrpc 2020-04-22 07:35:11 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2020:1524 https://access.redhat.com/errata/RHSA-2020:1524


Note You need to log in before you can comment on or make changes to this bug.