RCE flaw found in firmware of commonly used Wi-Fi chipset

News by Bradley Barth

ThreadX, a real-time operating system (RTOS) that serves as firmware for the Marvell Avastar Wi-Fi chipset, contains a major vulnerability that can enable remote code execution on affected systems, a researcher has reported.

Product lines that use Marvell Avastar and thus are potentially endangered by the vulnerability include the Sony PlayStation 4 and Xbox One gaming consoles, the Microsoft Surface (+Pro) tablet and laptop, Samsung’s Chromebook laptop/tablet and Galaxy J1 smartphones, and Valve SteamLink cast devices.

Embedi researcher Denis Selianin detailed the vulnerability in an 18 January company blog post that linked to a slide presentation from the November ZeroNights 2018 cyber-conference. Selianin identified the issue as a ThreadX block pool overflow condition that can be triggered whenever the device scans for available networks, without any user interaction or any knowledge of a Wi-Fi network name or passphrase/key – even when a device isn’t connected to a network. In essence, attackers can exploit the bug by overwriting code or function pointers pertaining to free blocks of memory.

According to Selianin’s presentation, ThreadX developer Express Logic was notified of the issue last May, but a fix is still in process. SC Media has reached out to Express Logic for comment.

This article was originally published on SC Media US.