
RCE flaw found in firmware of commonly used Wi-Fi chipset

ThreadX, a real-time operating system (RTOS) that serves as firmware for the Marvell Avastar Wi-Fi chipset, contains a major vulnerability that can enable remote code execution on affected systems, a researcher has reported.

Product lines that use Marvell Avastar and thus are potentially endangered by the vulnerability include the Sony PlayStation 4 and Xbox One gaming consoles, the Microsoft Surface (+Pro) tablet and laptop, Samsung's Chromebook laptop/tablet and Galaxy J1 smartphones, and Valve SteamLink cast devices.

Embedi researcher Denis Selianin detailed the vulnerability in a Jan. 18 company blog post that linked to a slide presentation from the November ZeroNights 2018 cyber conference. Selianin identified the issue as a ThreadX block pool overflow condition that can be triggered whenever the device scans for available networks, without any user interaction or any knowledge of a Wi-Fi network name or passphrase/key – even when a device isn't connected to a network. In essence, attackers can exploit the bug by overwriting code or function pointers pertaining to free blocks of memory.
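The class of bug described above, seen from the defender's side, as an added example (not ThreadX or Marvell code, and not taken from Selianin's presentation): a toy fixed-size block pool that validates its free-list links and bounds every write. The in-band link layout and all names (`pool_t`, `link_ok`, `block_write`) are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define BLOCK_SIZE 32
#define NUM_BLOCKS 4

/* Hypothetical toy pool: equal-sized blocks carved from one buffer. */
typedef struct {
    unsigned char mem[NUM_BLOCKS * BLOCK_SIZE];
    void *free_head;                 /* first free block, or NULL */
} pool_t;

/* Assumed layout: each free block stores the next free block's address
   in its first bytes, so pool metadata sits right next to user data. */
void pool_init(pool_t *p) {
    p->free_head = NULL;
    for (int i = NUM_BLOCKS - 1; i >= 0; i--) {
        void *blk = p->mem + (size_t)i * BLOCK_SIZE;
        memcpy(blk, &p->free_head, sizeof(void *));
        p->free_head = blk;
    }
}

/* A link is valid only if it is NULL or a block boundary inside the pool. */
int link_ok(const pool_t *p, const void *ptr) {
    if (ptr == NULL) return 1;
    uintptr_t a = (uintptr_t)ptr, base = (uintptr_t)p->mem;
    return a >= base && a < base + sizeof p->mem && (a - base) % BLOCK_SIZE == 0;
}

/* Allocate, refusing to follow a free-list link that fails validation. */
void *pool_alloc(pool_t *p) {
    void *blk = p->free_head, *next;
    if (blk == NULL || !link_ok(p, blk)) return NULL;
    memcpy(&next, blk, sizeof next);
    if (!link_ok(p, next)) return NULL;   /* corrupted metadata: fail closed */
    p->free_head = next;
    return blk;
}

/* Bounded copy into a block: oversized input is rejected outright. */
int block_write(void *blk, const void *src, size_t len) {
    if (len > BLOCK_SIZE) return -1;
    memcpy(blk, src, len);
    return 0;
}
```

The length check in `block_write` is the primary control; the link validation in `pool_alloc` is a second layer that turns corrupted pool metadata into a failed allocation instead of a followed pointer.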

According to Selianin's presentation, ThreadX developer Express Logic was notified of the issue last May, but a fix is still in process. SC Media has reached out to Express Logic for comment.

Bradley Barth
