The vulnerability which resides in the rtlwifi driver that mainly supports the Realtek Wi-Fi chips model used in Linux devices, could allow attackers compromise a system using nearby Wi-Fi devices.
CVE-2019-17666: Short Technical Description
The flaw is assigned the CVE-2019-17666 identifier, and has been classified as critical in severity. As already mentioned, the bug exists in the rtlwifi driver, a software component which allows specific Realtek Wi-Fi modules, used in Linux devices, to communicate with the Linux operating system.
A buffer overflow attack would occur when a process or a specific program attempts to write more data in buffer or block of memory than the actual buffer is allocated to hold the data. Such an attack could trigger a response that damages files, changes data or exposes private information, alter the data, and sometimes open the backdoor for attackers.
The vulnerability was discovered by security researcher Nicolas Waisman who “noticed that even though noa_len is checked for a compatible length it’s still possible to overrun the buffers of p2pinfo since there’s no check on the upper bound of noa_num.”