The vulnerability affects Linux versions through 5.3.6, according to
The vulnerability is a heap buffer overflow issue that resides in the “
“rtl_p2p_noa_ie in drivers/net/wireless/
The issue affects a feature called the Notice of Absence protocol implemented in the “
“The Notice of Absence (NoA) protocol allows a P2P GO to announce time intervals, referred to as absence periods, where P2P Clients are not allowed to access the channel, regardless of whether they are in power save or in active mode. In this way, a P2P GO can autonomously decide to power down its radio to save energy.” reads a paper on
The expert noticed that the driver fails to correctly handle Notice of Absence packets.
“Nicolas Waisman noticed that even though noa_len is checked for a compatible
An attacker could use packets with incorrect length to trigger the flaw and cause the system to crash.
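The kind of length validation at issue here, as an added example (not the rtlwifi driver's code and not the pending kernel fix): a parser for a NoA attribute body that bounds the descriptor count before writing into a fixed-size table. The names `parse_noa` and `noa_table` and the table size `MAX_NOA_DESC` are assumptions; the 13-byte descriptor layout follows the Wi-Fi P2P NoA attribute format.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Layout per the Wi-Fi P2P NoA attribute; MAX_NOA_DESC is an assumed table size. */
#define NOA_HDR_LEN  2   /* index(1) + CTWindow/OppPS(1) */
#define NOA_DESC_LEN 13  /* count(1) + duration(4) + interval(4) + start(4) */
#define MAX_NOA_DESC 2

struct noa_table {       /* hypothetical fixed-size destination */
    uint8_t  num;
    uint8_t  count[MAX_NOA_DESC];
    uint32_t duration[MAX_NOA_DESC], interval[MAX_NOA_DESC], start[MAX_NOA_DESC];
};

static uint32_t le32(const uint8_t *p)
{
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* body: bytes after the length field; avail: bytes left in the frame. -1 = rejected. */
int parse_noa(const uint8_t *body, size_t avail, uint16_t noa_len, struct noa_table *out)
{
    if (noa_len < NOA_HDR_LEN || noa_len > avail)
        return -1;                      /* claimed length must fit the received data */
    if ((noa_len - NOA_HDR_LEN) % NOA_DESC_LEN != 0)
        return -1;                      /* whole descriptors only */
    size_t n = (noa_len - NOA_HDR_LEN) / NOA_DESC_LEN;
    if (n > MAX_NOA_DESC)
        return -1;                      /* upper bound: never index past the table */
    memset(out, 0, sizeof(*out));
    const uint8_t *d = body + NOA_HDR_LEN;
    for (size_t i = 0; i < n; i++, d += NOA_DESC_LEN) {
        out->count[i]    = d[0];
        out->duration[i] = le32(d + 1);
        out->interval[i] = le32(d + 5);
        out->start[i]    = le32(d + 9);
    }
    out->num = (uint8_t)n;
    return (int)n;
}

int main(void)
{
    uint8_t frame[NOA_HDR_LEN + 5 * NOA_DESC_LEN] = {0};   /* constructed sample */
    struct noa_table t;
    printf("1 desc: %d, 5 desc: %d\n", parse_noa(frame, sizeof frame, 15, &t),
           parse_noa(frame, sizeof frame, sizeof frame, &t));
    return 0;
}
```

A length that passes the divisibility check alone can still describe more descriptors than the table holds, which is why the count is bounded separately.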
An unauthenticated attacker could trigger the flaw only if they are within radio range of the target device.
“The vulnerability triggers an overflow, which means it could make Linux crash or if a proper exploit is written (which is not trivial), an attacker could obtain remote code-execution,” Waisman explained to Threatpost.
The Linux kernel team has already developed a fix that is currently under revision; it has not yet been included in the Linux kernel.