
Marvell Avastar wireless SoCs have multiple vulnerabilities Vulnerability Note VU#730261


Disco Bob


Overview

 

Some Marvell Avastar wireless system on chip (SoC) models have multiple vulnerabilities, including a block pool overflow during Wi-Fi network scan.

 

Description

 

A presentation at the ZeroNights 2018 conference describes multiple security issues with Marvell Avastar SoCs (models 88W8787, 88W8797, 88W8801, and 88W8897). The presentation provides some detail about a block pool memory overflow. During Wi-Fi network scans, an overflow condition can be triggered, overwriting certain block pool data structures. Because many devices conduct automatic background network scans, this vulnerability could be exploited regardless of whether the target is connected to a Wi-Fi network and without user interaction.

 

Impact

 

An unauthenticated attacker within Wi-Fi radio range may be able to use a specially-crafted series of Wi-Fi frames to execute arbitrary code on a system with a vulnerable Marvell SoC. Depending on implementation, the compromised SoC may then be used to intercept network traffic or achieve code execution on the host system.

 

Solution

 

Marvell issued a statement and encourages customers to contact their Marvell representative for additional support. Microsoft issued an update to Surface Pro 3 devices on Windows 10 Creators Update, version 1703 or greater. See also the Vendor Information section below.

Restrict physical access

An attacker needs to be within Wi-Fi radio range of the target to exploit the block pool overflow. Restricting access to the area around vulnerable devices may limit an attacker's ability to exploit this vulnerability.

Disable Wi-Fi
For systems that have other connectivity options like wired Ethernet, it may be possible and practical to disable Wi-Fi.

 

https://kb.cert.org/vuls/id/730261/
