Bug in Widespread Wi-Fi Chipset Firmware can Lead to Zero-Click Code Execution

Denis Selianin, a security researcher, discovered a zero-click code execution vulnerability in a popular Wi-Fi chipset that is used in a variety of devices. Marvell Avastar driver code is used to load proprietary ThreadX firmware to Wi-Fi SoC (System on Chip). Selianin discovered that the Wi-Fi system scans for networks every five minutes whether it is connected or not. He then demonstrated how during the scan, "an attacker could chain that exploit with an escalation of privilege vulnerability to execute code on the application processor of SteamLink, a desktop streaming device that sports the vulnerable Marvell Avastar Wi-Fi SoC." Marvell has since released an update and alerted users of the exploit advising them to update. This vulnerability is not known to have been exploited outside of a controlled environment.


Relevant URL(s): https://www.helpnetsecurity.com/2019/01/21/marvell-avastar-wi-fi-vulnerability/