Some Marvell Avastar wireless system on chip (SoC) models have multiple vulnerabilities, including a block pool overflow during Wi-Fi network scan.
A presentation at the ZeroNights 2018 conference describes multiple security issues with Marvell Avastar SoCs (models 88W8787, 88W8797, 88W8801, 88W8897, and 88W8997). The presentation provides some detail about a block pool memory overflow. During Wi-Fi network scans, an overflow condition can be triggered, overwriting certain block pool data structures. Because many devices conduct automatic background network scans, this vulnerability could be exploited regardless of whether the target is connected to a Wi-Fi network and without user interaction.
An unauthenticated attacker within Wi-Fi radio range may be able to use a specially-crafted series of Wi-Fi frames execute arbitrary code on a system with a vulnerable Marvell SoC. Depending on implementation, the compromised SoC may then be used to intercept network traffic or achieve code execution on the host system.
Marvell issued a statement and encourages customers to contact their Marvell representative for additional support. Microsoft issued an update to multiple Surface devices. See also the
Vendor Information section below.
Restrict physical access
This vulnerability was presented by Denis Selianin at the ZeroNights 2018 conference.
|Date First Published:||2019-02-05|
|Date Last Updated:||2019-04-19 17:53 UTC|