Er zijn 27 beveiligingsproblemen ontdekt in de Intel® PROSet/Wireless Wi-Fi drivers!
De volgende kwetsbaarheden zijn ontdekt:
CVEID: CVE-2021-0162 : Improper input validation in software – may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access
CVEID: CVE-2021-0163 : Improper Validation of Consistency within input in software – may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access
CVEID: CVE-2021-0161 : Improper input validation in firmware – may allow a privileged user to potentially enable escalation of privilege via local access
CVEID: CVE-2021-0164 : Improper access control in firmware – may allow an unauthenticated user to potentially enable escalation of privilege via local access
CVEID: CVE-2021-0165 : Improper input validation in firmware – may allow an unauthenticated user to potentially enable denial of service via adjacent access
CVEID: CVE-2021-0066 : Improper input validation in firmware – may allow an unauthenticated user to potentially enable escalation of privilege via local access
CVEID: CVE-2021-0166 : Exposure of Sensitive Information to an Unauthorized Actor in firmware – may allow a privileged user to potentially enable escalation of privilege via local access
CVEID: CVE-2021-0167 : Improper access control in software – may allow a privileged user to potentially enable escalation of privilege via local access
CVEID: CVE-2021-0169 : Uncontrolled Search Path Element in software – may allow a privileged user to potentially enable escalation of privilege via local access
CVEID: CVE-2021-0168 : Improper input validation in firmware – may allow a privileged user to potentially enable escalation of privilege via local access
CVEID: CVE-2021-0170 : Exposure of Sensitive Information to an Unauthorized Actor in firmware – may allow an authenticated user to potentially enable information disclosure via local access.
CVEID: CVE-2021-0171 : Improper access control in software – may allow an authenticated user to potentially enable information disclosure via local access
CVEID: CVE-2021-0172 : Improper input validation in firmware – may allow an unauthenticated user to potentially enable denial of service via adjacent access.
CVEID: CVE-2021-0173 : Improper Validation of Consistency within input in firmware – may allow a unauthenticated user to potentially enable denial of service via adjacent access
CVEID: CVE-2021-0174 : Improper Use of Validation Framework in firmware – may allow a unauthenticated user to potentially enable denial of service via adjacent access.
CVEID: CVE-2021-0175 : Improper Validation of Specified Index, Position, or Offset in Input in firmware – may allow an unauthenticated user to potentially enable denial of service via adjacent access
CVEID: CVE-2021-0076 : Improper Validation of Specified Index, Position, or Offset in Input in firmware – may allow a privileged user to potentially enable denial of service via local access.
CVEID: CVE-2021-0176 : Improper input validation in firmware – may allow a privileged user to potentially enable denial of service via local access.
CVEID: CVE-2021-0177 : Improper Validation of Consistency within input in software – may allow an unauthenticated user to potentially enable denial of service via adjacent access.
CVEID: CVE-2021-0178 : Improper input validation in software – may allow an unauthenticated user to potentially enable denial of service via adjacent access
CVEID: CVE-2021-0179 : Improper Use of Validation Framework in software – may allow an unauthenticated user to potentially enable denial of service via adjacent access
CVEID: CVE-2021-0183 : Improper Validation of Specified Index, Position, or Offset in Input in software – may allow an unauthenticated user to potentially enable denial of service via adjacent access.
CVEID: CVE-2021-0072 : Improper input validation in firmware – may allow a privileged user to potentially enable information disclosure via local access
CVEID: CVE-2021-33110 : Improper input validation – may allow an unauthenticated user to potentially enable denial of service via adjacent access.
CVEID: CVE-2021-33113 : Improper input validation – may allow an unauthenticated user to potentially enable denial of service or information disclosure via adjacent access.
CVEID: CVE-2021-33115 : Improper input validation – may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access
CVEID: CVE-2021-33114 : Improper input validation – may allow an authenticated user to potentially enable denial of service via adjacent access
Getroffen producten:
Intel® PROSet/Wireless Wi-Fi-producten:
Intel® Wi-Fi 6E AX210
Intel® Wi-Fi 6 AX201
Intel® Wi-Fi 6 AX200
Intel® Wireless-AC 9560
Intel® Wireless-AC 9462
Intel® Wireless-AC 9461
Intel® Wireless-AC 9260
Intel® Dual Band Wireless-AC 8265
Intel® Dual Band Wireless-AC 8260
Intel® Dual Band Wireless-AC 3168
Intel® Wireless 7265 (Rev D) familie
Intel® Dual Band Wireless-AC 3165
Intel® AMT Wireless-producten:
Intel® Wi-Fi 6 AX210
Intel® Wi-Fi 6 AX201
Intel® Wi-Fi 6 AX200
Intel® Wireless-AC 9560
Intel® Wireless-AC 9260
Intel® Dual Band Wireless-AC 8265
Intel® Dual Band Wireless-AC 8260
Killer™ Wi-Fi-producten:
Killer™ Wi-Fi 6E AX1675
Killer™ Wi-Fi 6 AX1650
Killer™ Wireless-AC 1550
Aanbeveilingen:
Windows:
Intel raadt aan de Intel® PROSet/Wireless Wi-Fi-software bij te werken naar versie 22.80 of hoger.
Intel raadt aan om de Killer™ Wi-Fi-software bij te werken naar versie 3.1021.733.0 of hoger.
https://www.intel.com/content/www/us/en/download/19779/intel-killer-performance-suite.html
bronnen :
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00581.html
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00582.html
Original release: 02/08/2022