The vulnerability affects Linux versions through 5.3.6, according to
The vulnerability is a heap buffer overflow issue that resides in the “
“rtl_p2p_noa_ie in drivers/net/wireless/
The issue affects a feature called the Notice of Absence protocol implemented in the “
“The Notice of Absence (NoA) protocol allows a P2P GO to announce time intervals, referred to as absence periods, where P2P Clients are not allowed to access the channel, regardless of whether they are in power save or in active mode. In this way, a P2P GO can autonomously decide to power down its radio to save energy.” reads a paper on
The expert noticed that the driver fails to correctly handle Notice of Absence packets.
“Nicolas Waisman noticed that even though noa_len is checked for a compatible
An attacker could use packets with incorrect length to trigger the flaw and cause the system to crash.
An unauthenticated attacker could trigger the flaw only if he is within the radio range of the target device.
“The vulnerability triggers an overflow, which means it could make Linux crash or if a proper exploit is written (which is not trivial), an attacker could obtain remote code-execution,” Waisman explained to the Threatpost.
The Linux kernel team has already developed a fix that is currently under revision, it has not yet been included into the Linux kernel.
(SecurityAffairs – Linux Kernel, hacking)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.