Update Intel Wireless Adapters driver: 27 beveiligings problemen ontdekt

Er zijn 27 beveiligingsproblemen ontdekt in de Intel® PROSet/Wireless Wi-Fi drivers!

De volgende kwetsbaarheden zijn ontdekt:

CVEID:  CVE-2021-0162 : Improper input validation in software – may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access

CVEID:  CVE-2021-0163 : Improper Validation of Consistency within input in software – may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access

CVEID:  CVE-2021-0161 : Improper input validation in firmware – may allow a privileged user to potentially enable escalation of privilege via local access

CVEID:  CVE-2021-0164 : Improper access control in firmware – may allow an unauthenticated user to potentially enable  escalation of privilege via local access

CVEID:  CVE-2021-0165 : Improper input validation in firmware – may allow an unauthenticated user to potentially enable denial of service via adjacent access

CVEID:  CVE-2021-0066 : Improper input validation in firmware – may allow an unauthenticated user to potentially enable escalation of privilege via local access

CVEID:  CVE-2021-0166 : Exposure of Sensitive Information to an Unauthorized Actor in firmware – may allow a privileged user to potentially enable escalation of privilege via local access

CVEID:  CVE-2021-0167 : Improper access control in software – may allow a privileged user to potentially enable escalation of privilege via local access

CVEID:  CVE-2021-0169 : Uncontrolled Search Path Element in software – may allow a privileged user to potentially enable escalation of privilege via local access

CVEID:  CVE-2021-0168 : Improper input validation in firmware – may allow a privileged user to potentially enable escalation of privilege via local access

CVEID:  CVE-2021-0170 : Exposure of Sensitive Information to an Unauthorized Actor in firmware – may allow an authenticated user to potentially enable information disclosure via local access.

CVEID:  CVE-2021-0171 : Improper access control in software – may allow an authenticated user to potentially enable information disclosure via local access

CVEID:  CVE-2021-0172 : Improper input validation in firmware – may allow an unauthenticated user to potentially enable denial of service via adjacent access.

CVEID:  CVE-2021-0173 : Improper Validation of Consistency within input in firmware – may allow a unauthenticated user to potentially enable denial of service via adjacent access

CVEID:  CVE-2021-0174 : Improper Use of Validation Framework in firmware – may allow a unauthenticated user to potentially enable denial of service via adjacent access.

CVEID:  CVE-2021-0175 : Improper Validation of Specified Index, Position, or Offset in Input in firmware – may allow an unauthenticated user to potentially enable denial of service via adjacent access

CVEID:  CVE-2021-0076 :  Improper Validation of Specified Index, Position, or Offset in Input in firmware – may allow a privileged user to potentially enable denial of service via local access.

CVEID:  CVE-2021-0176 : Improper input validation in firmware – may allow a privileged user to potentially enable denial of service via local access.

CVEID:  CVE-2021-0177 : Improper Validation of Consistency within input in software – may allow an unauthenticated user to potentially enable denial of service via adjacent access.

CVEID:  CVE-2021-0178 : Improper input validation in software – may allow an unauthenticated user to potentially enable denial of service via adjacent access

CVEID:  CVE-2021-0179 : Improper Use of Validation Framework in software – may allow an unauthenticated user to potentially enable denial of service via adjacent access

CVEID:  CVE-2021-0183 :  Improper Validation of Specified Index, Position, or Offset in Input in software – may allow an unauthenticated user to potentially enable denial of service via adjacent access.

CVEID:  CVE-2021-0072 : Improper input validation in firmware – may allow a privileged user to potentially enable information disclosure via local access

CVEID: CVE-2021-33110 : Improper input validation –  may allow an unauthenticated user to potentially enable denial of service via adjacent access.

CVEID:  CVE-2021-33113 : Improper input validation – may allow an unauthenticated user to potentially enable denial of service or information disclosure via adjacent access.

CVEID:  CVE-2021-33115 : Improper input validation – may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access

CVEID:  CVE-2021-33114 : Improper input validation – may allow an authenticated user to potentially enable denial of service via adjacent access

Getroffen producten:
Intel® PROSet/Wireless Wi-Fi-producten:

Intel® Wi-Fi 6E AX210
Intel® Wi-Fi 6 AX201
Intel® Wi-Fi 6 AX200
Intel® Wireless-AC 9560
Intel® Wireless-AC 9462
Intel® Wireless-AC 9461
Intel® Wireless-AC 9260
Intel® Dual Band Wireless-AC 8265
Intel® Dual Band Wireless-AC 8260
Intel® Dual Band Wireless-AC 3168
Intel® Wireless 7265 (Rev D) familie
Intel® Dual Band Wireless-AC 3165
Intel® AMT Wireless-producten:

Intel® Wi-Fi 6 AX210
Intel® Wi-Fi 6 AX201
Intel® Wi-Fi 6 AX200
Intel® Wireless-AC 9560
Intel® Wireless-AC 9260
Intel® Dual Band Wireless-AC 8265
Intel® Dual Band Wireless-AC 8260

Killer™ Wi-Fi-producten:

Killer™ Wi-Fi 6E AX1675
Killer™ Wi-Fi 6 AX1650
Killer™ Wireless-AC 1550

Aanbeveilingen:

Windows:

Intel raadt aan de Intel® PROSet/Wireless Wi-Fi-software bij te werken naar versie 22.80 of hoger.

https://www.intel.com/content/www/us/en/download/19351/windows-10-and-windows-11-wi-fi-drivers-for-intel-wireless-adapters.html

Intel raadt aan om de Killer™ Wi-Fi-software bij te werken naar versie 3.1021.733.0 of hoger.

https://www.intel.com/content/www/us/en/download/19779/intel-killer-performance-suite.html

bronnen :

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00581.html

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00582.html

Original release: 02/08/2022