CVE-2019-16746

Q: What is the severity of CVE-2019-16746?

CVE-2019-16746 has a CVSS score of 9.8 (CRITICAL). This is a critical buffer overflow vulnerability in the Linux kernel's wireless networking subsystem (nl80211). Attackers can exploit it by sending specially crafted beacon frames to cause kernel memory corruption, potentially leading to system crashes or remote code execution. All Linux systems with wireless interfaces using affected kernel versions are vulnerable.

9.8 CRITICAL

📋 TL;DR

This is a critical buffer overflow vulnerability in the Linux kernel's wireless networking subsystem (nl80211). Attackers can exploit it by sending specially crafted beacon frames to cause kernel memory corruption, potentially leading to system crashes or remote code execution. All Linux systems with wireless interfaces using affected kernel versions are vulnerable.

💻 Affected Systems

Products:

Linux kernel

Versions: All versions through 5.2.17

Operating Systems: Linux distributions using affected kernel versions

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects systems with wireless networking enabled; servers without wireless cards are not vulnerable.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

Learn more about Linux Kernel →

Linux Kernel by Linux

Learn more about Linux Kernel →

Linux Kernel by Linux

Learn more about Linux Kernel →

Linux Kernel by Linux

Learn more about Linux Kernel →

Linux Kernel by Linux

Learn more about Linux Kernel →

Ubuntu Linux by Canonical

View all CVEs affecting Ubuntu Linux →

Ubuntu Linux by Canonical

View all CVEs affecting Ubuntu Linux →

Ubuntu Linux by Canonical

View all CVEs affecting Ubuntu Linux →

Ubuntu Linux by Canonical

View all CVEs affecting Ubuntu Linux →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution with kernel privileges leading to complete system compromise, data theft, or persistent backdoor installation.

🟠

Likely Case

Kernel panic causing system crash and denial of service, potentially requiring physical access to reboot.

🟢

If Mitigated

System remains stable with proper patching; wireless interfaces may be temporarily unavailable during attack attempts.

🌐 Internet-Facing: MEDIUM - Requires wireless network access, but many internet-facing systems don't have wireless interfaces enabled.

🏢 Internal Only: HIGH - Internal wireless networks provide direct attack vectors; laptops and mobile devices are particularly vulnerable.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Exploitation requires proximity to target's wireless network; proof-of-concept code exists in security advisories.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Linux kernel 5.2.18 and later

Vendor Advisory: https://www.kernel.org/

Restart Required: Yes

Instructions:

1. Update kernel package using distribution's package manager (apt/yum/zypper). 2. Reboot system to load new kernel. 3. Verify kernel version is 5.2.18 or higher.

🔧 Temporary Workarounds

Disable wireless interfaces

linux

Turn off wireless networking on systems where it's not required

sudo ip link set wlan0 down
sudo rfkill block wifi

Network segmentation

all

Isolate wireless networks from critical systems using firewalls

🧯 If You Can't Patch

Disable wireless networking completely on affected systems
Implement strict network segmentation to isolate wireless networks

🔍 How to Verify

Check if Vulnerable:

Check kernel version: uname -r. If version is 5.2.17 or earlier, system is vulnerable if wireless is enabled.

Check Version:

uname -r

Verify Fix Applied:

After patching, verify kernel version is 5.2.18 or later with uname -r

📡 Detection & Monitoring

Log Indicators:

Kernel panic logs in /var/log/kern.log
Wireless driver crash messages
System reboot events without normal shutdown

Network Indicators:

Unusual beacon frame patterns on wireless networks
Malformed 802.11 management frames

SIEM Query:

source="kernel" AND ("panic" OR "Oops" OR "segfault") AND ("nl80211" OR "wireless" OR "wlan")

📊 Metadata

CVE ID: CVE-2019-16746

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-120

Published: September 24, 2019

Last Updated: November 21, 2024

🔗 References

http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html Mailing List,Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html Mailing List,Third Party Advisory
http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html Third Party Advisory,VDB Entry
https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html Mailing List,Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html Mailing List,Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TASE2ESEZAER6DTZH3DJ4K2JNO46TVL7/
https://marc.info/?l=linux-wireless&m=156901391225058&w=2 Mailing List,Patch,Third Party Advisory
https://seclists.org/bugtraq/2019/Nov/11 Mailing List,Third Party Advisory
https://security.netapp.com/advisory/ntap-20191031-0005/ Third Party Advisory
https://usn.ubuntu.com/4183-1/ Third Party Advisory
https://usn.ubuntu.com/4186-1/ Third Party Advisory
https://usn.ubuntu.com/4209-1/ Third Party Advisory
https://usn.ubuntu.com/4210-1/ Third Party Advisory
https://www.oracle.com/security-alerts/cpuApr2021.html Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html Mailing List,Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html Mailing List,Third Party Advisory
http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html Third Party Advisory,VDB Entry
https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html Mailing List,Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html Mailing List,Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TASE2ESEZAER6DTZH3DJ4K2JNO46TVL7/
https://marc.info/?l=linux-wireless&m=156901391225058&w=2 Mailing List,Patch,Third Party Advisory
https://seclists.org/bugtraq/2019/Nov/11 Mailing List,Third Party Advisory
https://security.netapp.com/advisory/ntap-20191031-0005/ Third Party Advisory
https://usn.ubuntu.com/4183-1/ Third Party Advisory
https://usn.ubuntu.com/4186-1/ Third Party Advisory
https://usn.ubuntu.com/4209-1/ Third Party Advisory
https://usn.ubuntu.com/4210-1/ Third Party Advisory
https://www.oracle.com/security-alerts/cpuApr2021.html Third Party Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Debian Linux by Debian

Fedora by Fedoraproject

Leap by Opensuse

Linux Kernel by Linux

Linux Kernel by Linux

Linux Kernel by Linux

Linux Kernel by Linux

Linux Kernel by Linux

Linux Kernel by Linux

Ubuntu Linux by Canonical

Ubuntu Linux by Canonical

Ubuntu Linux by Canonical

Ubuntu Linux by Canonical

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Disable wireless interfaces

Network segmentation

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export

🔗 Related Vulnerabilities