Unpatched Linux bug may open devices to serious attacks over Wi-Fi

by
Dan Goodin
from Ars Technica - All content on (#4SRWY)
wi-fi-800x474.jpg

Enlarge (credit: Wi-Fi Alliance)

A potentially serious vulnerability in Linux may make it possible for nearby devices to use Wi-Fi signals to crash or fully compromise vulnerable machines, a security researcher said.

The flaw is located in the RTLWIFI driver, which is used to support Realtek Wi-Fi chips in Linux devices. The vulnerability triggers a buffer overflow in the Linux kernel when a machine with a Realtek Wi-Fi chip is within radio range of a malicious device. At a minimum, exploits would cause an operating-system crash and could possibly allow a hacker to gain complete control of the computer. The flaw dates back to version 3.10.1 of the Linux kernel released in 2013.

"The bug is serious," Nico Waisman, who is a principal security engineer at Github, told Ars. "It's a vulnerability that triggers an overflow remotely through Wi-Fi on the Linux kernel, as long as you're using the Realtek (RTLWIFI) driver."

Read 8 remaining paragraphs | Comments

index?i=cDt0bBL4StY:LI-dBRfLe8o:V_sGLiPB index?i=cDt0bBL4StY:LI-dBRfLe8o:F7zBnMyn index?d=qj6IDK7rITs index?d=yIl2AUoC8zA
External Content
Source RSS or Atom Feed
Feed Location http://feeds.arstechnica.com/arstechnica/index
Feed Title Ars Technica - All content
Feed Link https://arstechnica.com/
Reply 0 comments