CVE-2019-17666

CVSS v3 base score: 8.8 (HIGH)

📋 TL;DR

A buffer overflow in the Linux kernel's Realtek rtlwifi driver: rtl_p2p_noa_ie (drivers/net/wireless/realtek/rtlwifi/ps.c) parses the Notice of Absence (NoA) attribute of a P2P vendor-specific information element from received 802.11 frames and derives the number of NoA descriptors from the frame's own length field, without checking that number against the fixed-size arrays (P2P_MAX_NOA_NUM entries) it copies the descriptors into. A device within radio range can send a crafted frame that overruns those arrays in kernel memory; no association with a network and no credentials are needed. The likely result is a kernel crash (denial of service), with code execution in kernel context possible. Linux kernels through 5.3.6 that drive Realtek Wi-Fi hardware via rtlwifi are affected.
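The bug class in miniature, as an added C example (not the kernel's code and not from the original page): a parser for the P2P NoA attribute whose descriptor count is computed from the frame's own length field, alongside the bound that keeps it from overrunning the arrays. The IE and attribute layout follows the Wi-Fi P2P specification (vendor IE 221 with WFA OUI 50-6F-9A and OUI type 09, NoA attribute ID 12, two leading bytes for index and CTWindow/OppPS, then 13-byte descriptors). struct noa_info and the functions find_noa_attr, claimed_noa_count, parse_p2p_noa and build_noa_ie are names invented for this example; the array capacity of 2 mirrors the kernel constant P2P_MAX_NOA_NUM. The example rejects an over-long attribute outright rather than clamping the count, a deliberate choice, and the sample frames are constructed inline by build_noa_ie.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define P2P_MAX_NOA_NUM 2    /* capacity of the noa_*[] arrays; the kernel macro of this name is 2 */
#define NOA_DESC_LEN    13   /* count/type(1) + duration(4) + interval(4) + start time(4) */
#define EID_VENDOR      221  /* vendor-specific information element */
#define P2P_ATTR_NOA    12   /* P2P Notice of Absence attribute */
static const uint8_t P2P_OUI_TYPE[4] = { 0x50, 0x6f, 0x9a, 0x09 };   /* WFA OUI + P2P OUI type */

struct noa_info {            /* assumed layout, modelled on the driver's per-interface P2P state */
    uint8_t  noa_num, noa_count_type[P2P_MAX_NOA_NUM];
    uint32_t noa_duration[P2P_MAX_NOA_NUM], noa_interval[P2P_MAX_NOA_NUM], noa_start_time[P2P_MAX_NOA_NUM];
};

static uint32_t get_le32(const uint8_t *p) { return p[0] | p[1] << 8 | p[2] << 16 | (uint32_t)p[3] << 24; }
static void put_le32(uint8_t *p, uint32_t v) { p[0] = v; p[1] = v >> 8; p[2] = v >> 16; p[3] = v >> 24; }

/* Locate the NoA attribute body in a blob of 802.11 IEs, checking every length field against the
 * enclosing buffer before trusting it.  Returns the 16-bit attribute length, -1 if absent/truncated. */
static int find_noa_attr(const uint8_t *ies, size_t len, const uint8_t **body)
{
    const uint8_t *p = ies, *end = ies + len, *ie_end, *a;
    size_t attr_len = 0;
    while (end - p >= 2) {                                       /* IE header: id, len */
        if ((size_t)(end - p) < 2 + (size_t)p[1])
            return -1;                                           /* IE runs past the frame */
        ie_end = p + 2 + p[1];
        if (p[0] == EID_VENDOR && p[1] >= 4 && !memcmp(p + 2, P2P_OUI_TYPE, 4)) {
            for (a = p + 6; ie_end - a >= 3; a += 3 + attr_len) {   /* attribute: id, len (LE16), body */
                attr_len = (size_t)a[1] | (size_t)a[2] << 8;
                if (attr_len > (size_t)(ie_end - a - 3))
                    return -1;                                   /* attribute runs past the IE */
                if (a[0] == P2P_ATTR_NOA) {
                    *body = a + 3;
                    return (int)attr_len;
                }
            }
        }
        p = ie_end;
    }
    return -1;
}

/* The unpatched driver's arithmetic: how many descriptors the frame *claims*, from its own length field. */
int claimed_noa_count(const uint8_t *ies, size_t len)
{
    const uint8_t *body;
    int noa_len = find_noa_attr(ies, len, &body);
    return noa_len < 2 ? -1 : (noa_len - 2) / NOA_DESC_LEN;
}

/* Hardened parser: bounds the count by the array capacity before the copy loop, which is the check
 * the fix added.  Returns descriptors stored, -1 if absent/malformed, -2 if more than fit. */
int parse_p2p_noa(const uint8_t *ies, size_t len, struct noa_info *out)
{
    const uint8_t *body;
    int noa_len = find_noa_attr(ies, len, &body), noa_num, i;
    if (noa_len < 2)
        return -1;
    noa_num = (noa_len - 2) / NOA_DESC_LEN;
    if (noa_num > P2P_MAX_NOA_NUM)
        return -2;                        /* without this check the loop writes past noa_*[] */
    body += 2;                            /* skip the NoA index and CTWindow/OppPS bytes */
    for (i = 0; i < noa_num; i++, body += NOA_DESC_LEN) {
        out->noa_count_type[i] = body[0];
        out->noa_duration[i]   = get_le32(body + 1);
        out->noa_interval[i]   = get_le32(body + 5);
        out->noa_start_time[i] = get_le32(body + 9);
    }
    out->noa_num = (uint8_t)noa_num;
    return noa_num;
}

/* Constructed input: one vendor IE carrying a NoA attribute with `ndesc` one-shot descriptors of
 * duration 1000*(i+1).  Returns bytes written, 0 if it would not fit in a 255-byte IE or in `cap`. */
size_t build_noa_ie(uint8_t *buf, size_t cap, int ndesc)
{
    size_t attr_len = 2 + (size_t)ndesc * NOA_DESC_LEN, ie_len = 4 + 3 + attr_len;
    uint8_t *p = buf;
    int i;
    if (ndesc < 0 || ie_len > 255 || 2 + ie_len > cap)
        return 0;
    *p++ = EID_VENDOR;  *p++ = (uint8_t)ie_len;                                         /* IE header */
    memcpy(p, P2P_OUI_TYPE, 4);  p += 4;
    *p++ = P2P_ATTR_NOA;  *p++ = (uint8_t)attr_len;  *p++ = (uint8_t)(attr_len >> 8);   /* attribute header */
    *p++ = 0;  *p++ = 0;                                                                 /* NoA index, CTWindow/OppPS */
    for (i = 0; i < ndesc; i++, p += NOA_DESC_LEN) {
        memset(p, 0, NOA_DESC_LEN);                   /* interval and start time left zero */
        p[0] = 1;                                     /* count/type: one-shot */
        put_le32(p + 1, 1000u * (uint32_t)(i + 1));   /* duration */
    }
    return (size_t)(p - buf);
}
```

For a constructed frame with one descriptor both functions report 1 and the duration is stored; for a frame with five descriptors claimed_noa_count still reports 5 (the count the unpatched loop would iterate over, writing three descriptors past the end of the arrays) while parse_p2p_noa returns -2 and leaves the struct untouched; truncating the frame by one byte makes both return -1.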

💻 Affected Systems

Products:
  • Linux kernel
Versions: Linux kernel versions through 5.3.6
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only systems whose Realtek Wi-Fi adapter is driven by the in-tree rtlwifi core module (the shared core behind rtl8192ce, rtl8192cu, rtl8192de, rtl8192se, rtl8188ee, rtl8723ae, rtl8723be and rtl8821ae) are affected. Systems without Realtek wireless hardware, systems whose adapter uses a different driver (for example rtw88 or an out-of-tree Realtek driver), and systems with rtlwifi not loaded are not vulnerable.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →


⚠️ Risk & Real-World Impact

🔴

Worst Case

Code execution in kernel context by an attacker within Wi-Fi range, leading to complete system compromise.

🟠

Likely Case

Kernel panic or system crash causing denial of service.

🟢

If Mitigated

No exposure if the rtlwifi module is not loaded or the Wi-Fi radio is disabled. Host firewalls do not help: the frames are parsed by the driver before any IP-layer filtering applies.

🌐 Internet-Facing: MEDIUM - Not reachable from the Internet. The attacker needs an 802.11 transmitter within radio range of the Realtek adapter; no association with a network and no credentials are required, so any nearby device qualifies.
🏢 Internal Only: HIGH - Anyone within Wi-Fi range of the device, including outside the building, can target the adapter; laptops and embedded devices with Realtek chips are the typical exposure.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires an attacker-controlled 802.11 transmitter within radio range of the affected adapter; no network credentials are needed. The overflow occurs in kernel space inside the driver's receive path, so a crash is easy to trigger, while turning it into reliable code execution requires controlling what the out-of-bounds descriptor writes land on, which is considerably harder.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Linux kernel 5.3.7 and later (upstream commit "rtlwifi: Fix potential overflow on P2P code"). Distribution kernels carry the fix as a backport without changing the upstream version string, so go by your vendor's advisory rather than the version number alone.

Vendor Advisory: https://access.redhat.com/errata/RHSA-2020:0328

Restart Required: Yes

Instructions:

1. Update to Linux kernel 5.3.7 or later, or to a distribution kernel that backports the fix.
2. On Red Hat-based systems, apply the update with 'yum update kernel' (or 'dnf update kernel'); on Debian/Ubuntu, upgrade the linux-image package with 'apt upgrade'.
3. Reboot so the patched kernel is running; the rtlwifi module in the old kernel stays vulnerable until then.

🔧 Temporary Workarounds

Disable Realtek wireless interface

linux

Take the interface down and block the radio so the driver stops receiving frames. The module stays loaded, so this holds only as long as nothing brings the interface back up.

sudo ip link set wlan0 down   # substitute the interface name shown by 'ip link' (e.g. wlp3s0)
sudo rfkill block wifi        # soft-blocks all Wi-Fi radios; network managers honour this and keep the interface down

Blacklist rtlwifi driver

linux

Prevent the driver from loading at all. A plain 'blacklist' line only stops modprobe from auto-loading rtlwifi by alias; the chip-specific module (rtl8192ce, rtl8723be, rtl8821ae, ...) is matched by PCI/USB ID and pulls rtlwifi in as a dependency regardless. An 'install' rule makes every attempt to load it fail instead.

echo 'install rtlwifi /bin/false' | sudo tee /etc/modprobe.d/blacklist-rtlwifi.conf
sudo update-initramfs -u    # Debian/Ubuntu; on RHEL/Fedora use: sudo dracut -f
# reboot, or unload the chip module now (modprobe -r also drops the unused rtlwifi core), e.g.:
# sudo modprobe -r rtl8192ce

🧯 If You Can't Patch

  • Disable wireless networking entirely on affected systems
  • Implement strict network segmentation to isolate wireless hosts from critical systems. This does not stop the attack itself, which arrives over the air before any network policy applies, but it limits what a compromised host can reach.

🔍 How to Verify

Check if Vulnerable:

Check whether the rtlwifi core module is loaded with 'lsmod | grep rtlwifi' (the chip-specific module, e.g. rtl8192ce or rtl8723be, appears alongside it); 'lspci | grep -i realtek' or 'lsusb | grep -i realtek' shows whether the hardware is present at all. If the module is loaded, compare 'uname -r' against 5.3.7. On distribution kernels the version number is not sufficient, because vendors backport fixes without changing the upstream version: check the package changelog for CVE-2019-17666 (e.g. 'rpm -q --changelog kernel | grep CVE-2019-17666' on RHEL/Fedora, or the equivalent package changelog on other distributions) or the vendor advisory.

Check Version:

uname -r

Verify Fix Applied:

Verify that the running kernel contains the fix: 'uname -r' reports 5.3.7 or later for upstream kernels, or a distribution kernel build whose changelog or advisory lists CVE-2019-17666. Confirm the system was rebooted after the update (the 'uname -r' version matches the newest installed kernel package) and, if the workaround was used instead, that rtlwifi is still not loaded ('lsmod | grep rtlwifi').

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs
  • System crash dumps
  • Wireless driver error messages in dmesg

Network Indicators:

  • Unusual bursts of beacon or P2P management frames near affected hosts
  • Frames whose P2P NoA attribute length implies more descriptors than a driver could store (visible only to a wireless sensor in monitor mode; wired network monitoring never sees the 802.11 management frames involved)

SIEM Query:

source="kernel" AND ("panic" OR "oops" OR "BUG:") AND ("rtlwifi" OR "rtl_p2p" OR "Realtek")
