Can Nearby Wi‑Fi Devices Exploit a Linux Realtek Driver Flaw?
A recently disclosed Linux kernel vulnerability (CVE‑2019‑17666) in the Realtek rtlwifi driver can be triggered by a specially crafted Wi‑Fi Direct (P2P) element sent over the air by anyone within radio range. It affects Linux devices with Realtek Wi‑Fi chips, needs no user interaction, and at the time of writing the fix is still pending integration into the mainline kernel.
Vulnerability Overview
A buffer‑overflow vulnerability (CVE‑2019‑17666) exists in the Linux rtlwifi driver, which implements support for Realtek Wi‑Fi chipsets. The overflow is triggered when the driver processes a specially crafted vendor‑specific information element carrying a Wi‑Fi Direct (P2P) “Notice of Absence” power‑save attribute. Because the element arrives in an over‑the‑air frame, an attacker within radio range can trigger the bug without any user interaction, provided that Wi‑Fi is enabled on the target device.
Affected Components
Linux kernel rtlwifi driver (used for Realtek 802.11 chips).
Every kernel release from 3.10.1 (released in 2013) up to the latest release that does not carry the fix.
Any Linux system – including desktop, server, and Android devices – that uses a Realtek Wi‑Fi adapter and has the wireless interface enabled.
Technical Details
The driver parses the P2P vendor‑specific information element found in beacon and probe‑response frames. The Notice of Absence attribute inside it carries a list of 13‑byte absence descriptors (count, duration, interval, start time). The driver derives the number of descriptors from the attacker‑controlled length field and copies each one into fixed‑size arrays in a driver‑private structure that only has room for two entries (P2P_MAX_NOA_NUM). A frame that declares more descriptors than that writes past the end of those arrays, corrupting the adjacent fields and whatever follows the structure in kernel memory. A crash is the straightforward outcome; in theory a carefully laid‑out frame could let an attacker execute code with kernel privileges. Notice of Absence is part of Wi‑Fi Direct power saving, which lets peer devices coordinate without an access point, but the vulnerable parsing runs on received beacons and probe responses, so the crafted element only has to be broadcast near the target for the driver to process it as soon as the frame is received.
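To make the mechanism concrete, here is a stand‑alone C model of the Notice of Absence parsing together with the bounds check that the fix adds. It is an added example written for this article, not the kernel's code: the struct layout, the P2P_MAX_NOA_NUM value of 2, the 13‑byte descriptor format and every function name are assumptions chosen to mirror the driver, and the input attribute is constructed in the program rather than captured from the air. A sentinel placed right after the structure stands in for neighbouring kernel data: the unpatched path stores three descriptors into arrays sized for two and the third descriptor's start time lands on the sentinel, while the clamped path stores two and leaves it intact.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define P2P_MAX_NOA_NUM 2      /* driver's array size */
#define NOA_DESC_LEN    13     /* count(1) + duration(4) + interval(4) + start(4) */
#define P2P_ATTR_NOA    12
#define SENTINEL        0xA5A5A5A5u

/* Simplified stand-in for the driver's rtl_p2p_ps_info (assumed layout). */
struct p2p_ps_info {
    uint8_t  noa_num;
    uint8_t  noa_count_type[P2P_MAX_NOA_NUM];
    uint32_t noa_duration[P2P_MAX_NOA_NUM];
    uint32_t noa_interval[P2P_MAX_NOA_NUM];
    uint32_t noa_start_time[P2P_MAX_NOA_NUM];
};

/* The struct plus what follows it in memory: sentinel stands in for a neighbouring
 * kernel field; spill (sized for the 8-descriptor maximum built below) keeps the
 * simulated overrun inside one object, so the demo is well defined, not a crash. */
struct arena {
    struct p2p_ps_info info;
    uint32_t sentinel;
    uint8_t  spill[128];
};

#define OFF(f) offsetof(struct p2p_ps_info, f)
static uint32_t get_le32(const uint8_t *p) { return p[0] | p[1] << 8 | p[2] << 16 | (uint32_t)p[3] << 24; }
static void put_le32(uint8_t *p, uint32_t v) { for (int k = 0; k < 4; k++) p[k] = (uint8_t)(v >> 8 * k); }
static void store_u32(struct arena *a, size_t off, uint32_t v) { memcpy((uint8_t *)a + off, &v, 4); }

/* Parse one NoA attribute: ID, LE16 length, index, CTWindow/oppPS, descriptors.
 * The descriptor count is derived from the frame's length field; bounding it is
 * the entire fix. Returns descriptors stored, or -1 if the attribute is malformed. */
static int parse_noa_attr(struct arena *a, const uint8_t *attr, size_t avail, int clamp)
{
    if (avail < 3 || attr[0] != P2P_ATTR_NOA)
        return -1;
    unsigned noa_len = attr[1] | (unsigned)attr[2] << 8;
    if (noa_len < 2 || 3 + noa_len > avail || (noa_len - 2) % NOA_DESC_LEN)
        return -1;
    unsigned noa_num = (noa_len - 2) / NOA_DESC_LEN;
    if (clamp && noa_num > P2P_MAX_NOA_NUM)
        noa_num = P2P_MAX_NOA_NUM;                    /* the upstream fix */
    a->info.noa_num = (uint8_t)noa_num;
    const uint8_t *d = attr + 5;
    for (unsigned i = 0; i < noa_num; i++, d += NOA_DESC_LEN) {
        /* For i >= P2P_MAX_NOA_NUM these offsets run past the arrays. */
        ((uint8_t *)a)[OFF(noa_count_type) + i] = d[0];
        store_u32(a, OFF(noa_duration)   + 4u * i, get_le32(d + 1));
        store_u32(a, OFF(noa_interval)   + 4u * i, get_le32(d + 5));
        store_u32(a, OFF(noa_start_time) + 4u * i, get_le32(d + 9));
    }
    return (int)noa_num;
}

/* Build a NoA attribute with n descriptors (constructed input, not a capture).
 * Descriptor i gets start time 0xDEAD0000 + i so a stray write is easy to spot. */
static size_t build_noa_attr(uint8_t *out, size_t cap, unsigned n)
{
    size_t len = 2 + (size_t)n * NOA_DESC_LEN;
    if (n > 8 || 3 + len > cap)
        return 0;
    out[0] = P2P_ATTR_NOA;
    out[1] = len & 0xff;
    out[2] = (len >> 8) & 0xff;
    out[3] = 1;                  /* NoA index */
    out[4] = 0x80 | 10;          /* oppPS set, CTWindow 10 TU */
    uint8_t *d = out + 5;
    for (unsigned i = 0; i < n; i++, d += NOA_DESC_LEN) {
        d[0] = 0xff;             /* count: repeat indefinitely */
        put_le32(d + 1, 1000u * (i + 1));
        put_le32(d + 5, 5000u * (i + 1));
        put_le32(d + 9, 0xDEAD0000u + i);
    }
    return 3 + len;
}

/* Feed an attribute with n descriptors to the parser; returns the sentinel value
 * afterwards and the parser's result through *stored. */
static uint32_t run_noa(unsigned n, int clamp, int *stored)
{
    struct arena a;
    uint8_t attr[5 + 8 * NOA_DESC_LEN];
    memset(&a, 0, sizeof a);
    a.sentinel = SENTINEL;
    size_t len = build_noa_attr(attr, sizeof attr, n);
    *stored = parse_noa_attr(&a, attr, len, clamp);
    return a.sentinel;
}

int main(void)
{
    int n;
    uint32_t s = run_noa(3, 0, &n);
    printf("unpatched: stored %d descriptors, sentinel 0x%08X\n", n, s);
    s = run_noa(3, 1, &n);
    printf("patched:   stored %d descriptors, sentinel 0x%08X\n", n, s);
}
```

Build with `cc -std=c99 -Wall noa_demo.c` (file name is arbitrary). The writes go through byte offsets into one object so the overrun is observable without undefined behaviour; in the real driver the same arithmetic writes past the power‑save arrays into whatever the kernel keeps next, which is why the usual visible result is a crash rather than a reliable exploit.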
Impact
Immediate kernel panic or system crash (denial of service).
Potential remote code execution (RCE) with full kernel privileges, enabling complete compromise of the affected host.
Mitigation and Fix
A fix that bounds the descriptor count to the size of the driver's arrays was submitted to the mainline kernel and is expected to be merged in the upcoming release cycle. Distributions will need to back‑port the patch to their stable branches. To tell whether a system is exposed, check whether the rtlwifi module is loaded (lsmod lists rtlwifi alongside a chip‑specific module such as rtl8723be or rtl8192ce). Until the patch is widely available, the recommended mitigations are:
Disable Wi‑Fi on systems that do not require wireless connectivity.
Use Wi‑Fi adapters from manufacturers other than Realtek.
No public proof‑of‑concept exploit has been released, and neither Realtek nor Google has commented on the issue.
ITPUB
Official ITPUB account sharing technical insights, community news, and exciting events.