CVE-2019-17666: Buffer Overflow

Published Oct 17, 2019
·
Updated

A flaw was found in the Linux kernel's implementation of the RealTek wireless drivers WiFi-direct (or WiFi peer-to-peer) driver implementation. When the RealTek wireless networking hardware is configured to accept WiFi-Direct or WiFi P2P connections, an attacker within the wireless network connectivity radio range can exploit a flaw in the WiFi-direct protocol known as "Notice of Absence" by creating specially crafted frames which can then corrupt kernel memory as the upper bounds on the length of the frame is unchecked and supplied by the incoming packet.

Other sources

A flaw was found in the Linux kernels implementation of RealTek wireless drivers Wifi-direct (or wifi peer-to-peer) driver implementation.

When the RealTek wireless networking hardware. is configured to accept Wifi-Direct (or Wifi P2P) connections an attacker within wireless network connectivity radio range is able to exploit a flaw in the Wifi-direct protocol known as "Notice of Absense" by creating specially crafted frames which can corrupt kernel memory as the upper bounds on the lenth of the frame is unchecked and supplied by the incoming packet.

At this time, Red Hat Enterprise Linux 6 and 7 and 8 do not enable Wifi-Direct by default, but a privileged user can use standard command line tooling available to enable this feature allowing it to be attacked.

Red Hat

Linux Kernel is vulnerable to a buffer overflow, caused by improper bounds checking by the rtlp2pnoaie function in drivers/net/wireless/realtek/rtlwifi/ps.c. By sending a specially-crafted request, a remote attacker could overflow a buffer and execute arbitrary code on the system.

IBM

rtlp2pnoaie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel through 5.3.6 lacks a certain upper-bound check, leading to a buffer overflow.

Affected Software

30 affected componentsFixes available
redhat/kernel<0:2.6.32-754.29.1.el6
0:2.6.32-754.29.1.el6
redhat/kernel-rt<0:3.10.0-1062.18.1.rt56.1044.el7
0:3.10.0-1062.18.1.rt56.1044.el7
redhat/kernel-alt<0:4.14.0-115.18.1.el7a
0:4.14.0-115.18.1.el7a
redhat/kernel<0:3.10.0-1062.18.1.el7
0:3.10.0-1062.18.1.el7
redhat/kernel<0:3.10.0-327.85.1.el7
0:3.10.0-327.85.1.el7
redhat/kernel<0:3.10.0-514.74.1.el7
0:3.10.0-514.74.1.el7
redhat/kernel<0:3.10.0-693.65.1.el7
0:3.10.0-693.65.1.el7
redhat/kernel<0:3.10.0-862.48.1.el7
0:3.10.0-862.48.1.el7
redhat/kernel<0:3.10.0-957.48.1.el7
0:3.10.0-957.48.1.el7
redhat/kernel-rt<0:4.18.0-147.5.1.rt24.98.el8_1
0:4.18.0-147.5.1.rt24.98.el8_1
redhat/kernel<0:4.18.0-147.5.1.el8_1
0:4.18.0-147.5.1.el8_1
redhat/kernel<0:4.18.0-80.16.1.el8_0
0:4.18.0-80.16.1.el8_0
redhat/kernel-rt<1:3.10.0-693.65.1.rt56.663.el6
1:3.10.0-693.65.1.rt56.663.el6
IBM Data Risk Manager<=2.0.6
Linux Linux kernel<3.16.77
Linux Linux kernel>=3.17<4.4.199
Linux Linux kernel>=4.5<4.9.199
Linux Linux kernel>=4.10<4.14.152
Linux Linux kernel>=4.15<4.19.82
Linux Linux kernel>=4.20<5.2
Linux Linux kernel>=5.3<5.3.9
Debian Debian Linux=8.0
Canonical Ubuntu Linux=14.04
Canonical Ubuntu Linux=16.04
Canonical Ubuntu Linux=18.04
Canonical Ubuntu Linux=19.04
Canonical Ubuntu Linux=19.10
redhat/kernel<5.3.6
5.3.6
Google Android
debian/linux
5.10.223-15.10.257-16.1.170-36.1.174-16.12.86-16.12.90-27.0.10-17.0.12-2

Remediation

Patch Available

https://lkml.org/lkml/2019/10/16/1226

Event History

Oct 17, 2019
CVE Published
via MITRE·01:47 AM
Data Sourced
via MITRE·01:47 AM
Description
Oct 21, 2019
Data Sourced
via Red Hat·11:16 AM
DescriptionSeverityAffected Software
Jan 6, 2020
Data Sourced
via Android·12:00 AM
SeverityWeaknessAffected Software
Jan 11, 2024
Data Sourced
via Launchpad·11:23 PM
Description
May 23, 2026
Data Sourced
via Ubuntu·09:27 AM
RemedyDescriptionSeverityAffected Software
Jun 13, 2026
Data Sourced
via Debian·09:49 AM
DescriptionAffected Software

Parent advisories

This vulnerability appears in the following advisories.

Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Frequently Asked Questions

1

What is the severity of CVE-2019-17666?

CVE-2019-17666 has a severity rating of high due to its potential to allow unauthorized access to sensitive data or network resources.

2

How do I fix CVE-2019-17666?

To fix CVE-2019-17666, update the kernel to the latest version available as specified in the security patches provided by your distribution.

3

Which versions of the Linux kernel are affected by CVE-2019-17666?

CVE-2019-17666 affects various versions of the Linux kernel including 2.6.32, 3.10, and certain 4.x versions.

4

Can CVE-2019-17666 exploit be mitigated?

Mitigation for CVE-2019-17666 can be achieved by disabling WiFi-Direct functionality if it is not required.

5

Is there a public proof of concept for CVE-2019-17666?

Currently, there are no widely known public proofs of concept for CVE-2019-17666.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203