Out of bounds read in firmware for some Intel(R) Wireless Bluetooth(R) and Killer(TM) Bluetooth(R) products before version 22.120 may allow an authenticated user to potentially enable denial of service via local access.
{"prion": [{"lastseen": "2023-08-16T02:41:33", "description": "Out of bounds read in firmware for some Intel(R) Wireless Bluetooth(R) and Killer(TM) Bluetooth(R) products before version 22.120 may allow an authenticated user to potentially enable denial of service via local access.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-08-18T20:15:00", "type": "prion", "title": "CVE-2021-26950", "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.1, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 1.7, "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26950"], "modified": "2022-08-19T18:39:00", "id": "PRION:CVE-2021-26950", "href": "https://kb.prio-n.com/vulnerability/CVE-2021-26950", "cvss": {"score": 1.7, "vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P"}}], "hp": [{"lastseen": "2023-05-27T15:02:22", "description": "Intel has informed HP of potential security vulnerabilities identified in some Intel\u00ae Wireless Bluetooth\u00ae and Killer\u2122 Bluetooth\u00ae products, which might allow escalation of privilege, denial of service, or information disclosure. Intel is releasing software and firmware updates to mitigate these potential vulnerabilities. \n\nIntel has released updates to mitigate the potential vulnerabilities. HP has identified affected platforms and corresponding SoftPaqs with minimum versions that mitigate the potential vulnerabilities. See the affected platforms listed below. \n", "cvss3": {}, "published": "2022-08-09T00:00:00", "type": "hp", "title": "Intel\u00ae Wireless Bluetooth\u00ae and Killer\u2122 Bluetooth\u00ae August 2022 Security Update", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2021-23179", "CVE-2021-26257", "CVE-2021-26950", "CVE-2021-33847"], "modified": "2022-11-14T00:00:00", "id": "HPSBHF03802", "href": "https://support.hp.com/us-en/document/ish_6654873-6654898-16/HPSBHF03802", "cvss": {"score": "7.9", "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:L/"}}], "intel": [{"lastseen": "2023-02-08T18:04:06", "description": "### Summary: \n\nPotential security vulnerabilities in some Intel\u00ae Wireless Bluetooth\u00ae and Killer\u2122 Bluetooth\u00ae products may allow escalation of privilege, denial of service or information disclosure. Intel is releasing firmware updates to mitigate these potential vulnerabilities.\n\n### Vulnerability Details:\n\nCVEID: [CVE-2021-33847](<https://vulners.com/cve/CVE-2021-33847>)\n\nDescription: Improper buffer restrictions in firmware for some Intel(R) Wireless Bluetooth(R) and Killer(TM) Bluetooth(R) products before version 22.120 may allow an authenticated user to potentially enable escalation of privilege via local access.\n\nCVSS Base Score: 7.9 High\n\nCVSS Vector: [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:L](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:L>)\n\nCVEID: [CVE-2021-26257](<https://vulners.com/cve/CVE-2021-26257>)\n\nDescription: Improper buffer restrictions in firmware for some Intel(R) Wireless Bluetooth(R) and Killer(TM) Bluetooth(R) products before version 22.120 may allow an authenticated user to potentially enable denial of service via local access.\n\nCVSS Base Score: 5.6 Medium\n\nCVSS Vector: [CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H>)\n\nCVEID: [CVE-2021-26950](<https://vulners.com/cve/CVE-2021-26950>)\n\nDescription: Out of bounds read in firmware for some Intel(R) Wireless Bluetooth(R) and Killer(TM) Bluetooth(R) products before version 22.120 may allow an authenticated user to potentially enable denial of service via local access.\n\nCVSS Base Score: 5.6 Medium\n\nCVSS Vector: [CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H>)\n\nCVEID: [CVE-2021-23179](<https://vulners.com/cve/CVE-2021-23179>)\n\nDescription: Out of bounds read in firmware for some Intel(R) Wireless Bluetooth(R) and Killer(TM) Bluetooth(R) products before version 22.120 may allow a privileged user to potentially enable information disclosure via local access.\n\nCVSS Base Score: 2.3 Low\n\nCVSS Vector: [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N>)\n\n### Affected Products:\n\nIntel\u00ae Wireless Bluetooth\u00ae products:\n\n * Intel\u00ae Wi-Fi 6 AX411\n * Intel\u00ae Wi-Fi 6 AX211\n * Intel\u00ae Wi-Fi 6 AX210\n * Intel\u00ae Wi-Fi 6 AX201\n * Intel\u00ae Wi-Fi 6 AX200\n * Intel\u00ae Wireless-AC 9560\n * Intel\u00ae Wireless-AC 9462\n * Intel\u00ae Wireless-AC 9461\n * Intel\u00ae Wireless-AC 9260\n * Intel\u00ae Dual Band Wireless-AC 8265\n * Intel\u00ae Dual Band Wireless-AC 8260\n * Intel\u00ae Dual Band Wireless-AC 3168\n * Intel\u00ae Wireless 7265 (Rev D) Family\n * Intel\u00ae Dual Band Wireless-AC 3165\n\nKiller\u2122 Bluetooth\u00ae products:\n\n * Killer\u2122 Wi-Fi 6E AX1690\n * Killer\u2122 Wi-Fi 6E AX1675 \n * Killer\u2122 Wi-Fi 6 AX1650\n * Killer\u2122 Wireless-AC 1550\n\n### Recommendations:\n\n**Windows OS:**\n\nIntel recommends updating the affected Intel\u00ae Wireless Bluetooth\u00ae and Killer\u2122 Bluetooth\u00ae products to version 22.120 or later.\n\nWindows 10 and Windows 11 updates are available for download at this location:\n\n<https://www.intel.com/content/www/us/en/download/18649/intel-wireless-bluetooth-for-windows-10-and-windows-11.html>\n\n### Acknowledgements:\n\nThe following issues were found internally by Intel employees.\n\nIntel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.\n", "cvss3": {}, "published": "2022-08-09T00:00:00", "type": "intel", "title": "Intel\u00ae Wireless Bluetooth\u00ae and Killer\u2122 Bluetooth\u00ae\u00a0Advisory", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2021-23179", "CVE-2021-26257", "CVE-2021-26950", "CVE-2021-33847"], "modified": "2022-08-09T00:00:00", "id": "INTEL:INTEL-SA-00628", "href": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00628.html", "cvss": {"score": 0.0, "vector": "NONE"}}]}
CVE-2021-26950
