Linux Kernel Buffer Underflow Vulnerability in RTL8187 Wireless Driver

Vulnerability

A buffer underflow vulnerability has been identified in the Linux kernel's RTL8187 wireless driver. This issue arises because the driver does not properly validate the size of received packets before accessing the packet header. As a result, a truncated packet can cause a buffer underflow, leading to a read of memory before the start of the packet data, which can trigger a kernel panic. The vulnerability affects the RTL8187 and RTL8187B descriptor headers.

Impact

Exploitation of this vulnerability can cause a kernel panic, crashing the kernel and disrupting system operations.

Reproduction

The vulnerability can be reproduced by sending a truncated packet to a system running the affected Linux kernel version with the RTL8187 wireless driver. The driver will attempt to process the packet without proper length validation, leading to a buffer underflow and a subsequent kernel panic.

Remediation

Users can upgrade to the patched version of the Linux kernel, which includes the necessary length checks for the RTL8187 and RTL8187B descriptor headers. The patch is available in the Linux kernel stable tree.
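
The kind of length check described above, shown as a user-space model. This is an added example, not the kernel's code or the patch itself. It assumes the descriptor sits at the end of the receive buffer; the demo_* names, struct layouts and sample frame are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical descriptor layouts, constructed for this example only. */
struct demo_rx_hdr  { uint32_t flags; uint8_t signal; uint8_t rate; uint16_t len; };
struct demo_rxb_hdr { uint32_t flags; uint64_t tsf; uint8_t signal; uint8_t pad[3]; };
enum demo_chip { DEMO_RTL8187, DEMO_RTL8187B };

static size_t demo_hdr_len(enum demo_chip c)
{
    return c == DEMO_RTL8187B ? sizeof(struct demo_rxb_hdr) : sizeof(struct demo_rx_hdr);
}

static size_t demo_sig_off(enum demo_chip c)
{
    return c == DEMO_RTL8187B ? offsetof(struct demo_rxb_hdr, signal)
                              : offsetof(struct demo_rx_hdr, signal);
}

/* Returns the payload length, or -1 when the buffer cannot hold the
 * descriptor for this chip variant and the frame must be dropped. */
static int demo_parse_rx(enum demo_chip c, const uint8_t *buf, size_t len, uint8_t *signal)
{
    size_t hdr_len = demo_hdr_len(c);
    /* Without this check, buf + len - hdr_len lands before buf whenever
     * len < hdr_len, and the descriptor read underflows the buffer. */
    if (len < hdr_len)
        return -1;
    *signal = buf[len - hdr_len + demo_sig_off(c)];
    return (int)(len - hdr_len);
}

/* Constructed input: 4 payload bytes, then a descriptor with signal 0x2a.
 * rx_len is how many bytes of that frame actually arrived. */
static int demo_case(enum demo_chip c, size_t rx_len, uint8_t *signal)
{
    uint8_t frame[64] = {0};
    frame[4 + demo_sig_off(c)] = 0x2a;
    return demo_parse_rx(c, frame, rx_len, signal);
}

int main(void)
{
    uint8_t s = 0;
    printf("full=%d ", demo_case(DEMO_RTL8187, 4 + demo_hdr_len(DEMO_RTL8187), &s));
    printf("truncated=%d\n", demo_case(DEMO_RTL8187, 3, &s));
    return 0;
}
```

The check is made against the descriptor size of the specific chip variant, so a buffer long enough for the smaller descriptor is still rejected when the larger one is expected.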

Added: Dec 24, 2025, 12:13 PM
Updated: Dec 24, 2025, 12:13 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 5.7
remediation: 7.7
relevance: 1.6
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.