The Software Engineering Institute CERT/CC has issued an advisory note on a vulnerability (CVE-2019-6496) in Marvell Avastar wireless system on a chip (SoC) models.
The affected SoC models (88W8787, 88W8797, 88W8801, and 88W8897) can suffer a block pool memory overflow that overwrites certain block pool data structures, according to the CERT/CC.
A malicious actor within Wi-Fi range can trigger the flaw with a series of specially crafted Wi-Fi frames and execute arbitrary code on a system running one of the vulnerable processors. This could allow the attacker to use the compromised SoC to intercept network traffic or achieve code execution on the host system.
Marvell has issued a patch, delivered through its usual firmware and driver updates. In addition, Microsoft issued an update to Surface Pro 3 devices on Windows 10 Creators Update, version 1703 or greater.
Other precautions include restricting access to the area within Wi-Fi range of possibly vulnerable devices, or turning off a device's wireless connectivity and connecting the device with an Ethernet cable instead.