Intel® PROSet/Wireless WiFi and Killer™ WiFi Software Advisory

Summary:

Potential security vulnerabilities in some Intel® PROSet/Wireless WiFi and Killer™ WiFi may allow escalation of privilege, denial of service or information disclosure.** **Intel is releasing firmware and software updates to mitigate these potential vulnerabilities.

Vulnerability Details:

CVEID: CVE-2021-0063

Description: Improper input validation in firmware for some Intel® PROSet/Wireless WiFi and Killer™ WiFi in Windows 10 may allow an unauthenticated user to potentially enable denial of service via adjacent access.

CVSS Base Score: 8.2 High

CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:L

CVEID: CVE-2021-0078

Description: Improper input validation in software for some Intel® PROSet/Wireless WiFi and Killer™ WiFi in Windows 10 may allow an unauthenticated user to potentially enable denial of service or information disclosure via adjacent access.

CVSS Base Score: 7.1 High

CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

CVEID: CVE-2021-0071

Description: Improper input validation in firmware for some Intel® PROSet/Wireless WiFi in UEFI may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.

CVSS Base Score: 6.7 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVEID: CVE-2021-0082

Description: Uncontrolled search path in software installer for Intel® PROSet/Wireless WiFi in Windows 10 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score: 6.7 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L

CVEID: CVE-2021-0064

Description: Insecure inherited permissions in the Intel® PROSet/Wireless WiFi software installer for Windows 10 before version 22.40 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score: 6.7 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

CVEID: CVE-2021-0065

Description: Incorrect default permissions in the Intel® PROSet/Wireless WiFi software installer for Windows 10 before version 22.40 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score: 6.7 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

CVEID: CVE-2021-0069

Description: Improper input validation in firmware for some Intel® PROSet/Wireless WiFi in multiple operating systems and some Killer™ WiFi in Windows 10 may allow an unauthenticated user to potentially enable denial of service via adjacent access.

CVSS Base Score: 6.5 Medium

CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVEID: CVE-2021-0075

Description: Out-of-bounds write in firmware for some Intel® PROSet/Wireless WiFi in multiple operating systems and some Killer™ WiFi in Windows 10 may allow a privileged user to potentially enable denial of service via local access.

CVSS Base Score: 5.7 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H

CVEID: CVE-2021-0079

Description: Improper input validation in software for some Intel® PROSet/Wireless WiFi and Killer™ WiFi in Windows 10 may allow an unauthenticated user to potentially enable denial of service via adjacent access.

CVSS Base Score: 4.7 Medium

CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L

CVEID: CVE-2021-0053

Description: Improper initialization in firmware for some Intel® PROSet/Wireless WiFi and Killer™ WiFi in Windows 10 may allow an authenticated user to potentially enable information disclosure via adjacent access.

CVSS Base Score: 4.6 Medium

CVSS Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

Affected Products:

Intel® PROSet/Wireless WiFi products:

• Intel® Wi-Fi 6E AX210

• Intel® Wi-Fi 6 AX201

• Intel® Wi-Fi 6 AX200

• Intel® Wireless-AC 9560

• Intel® Wireless-AC 9462

• Intel® Wireless-AC 9461

• Intel® Wireless-AC 9260

• Intel® Dual Band Wireless-AC 8265

• Intel® Dual Band Wireless-AC 8260

• Intel® Dual Band Wireless-AC 3168

• Intel® Wireless 7265 (Rev D) Family

• Intel® Dual Band Wireless-AC 3165

Killer™ WiFi products:

• Killer™ Wi-Fi 6E AX1675
• Killer™ Wi-Fi 6 AX1650
• Killer™ Wireless-AC 1550

Recommendations:

Windows:

Intel recommends updating Intel® PROSet/Wireless WiFi to version 22.40 or later.

Updates are available for download at these locations:

Intel® PROSet/Wireless WiFi driver:

<https://downloadcenter.intel.com/download/30434/Windows-10-Wi-Fi-Drivers-for-Intel-Wireless-Adapters&gt;

Intel recommends updating Killer™ WiFi to version 2.4.1541 or later.

Updates for Killer™ products are available for download at this location:

<https://downloadcenter.intel.com/download/30388/Intel-Killer-Performance-Suite&gt;

Chrome OS:

Intel® PROSet/Wireless WiFi drivers to mitigate these vulnerabilities will be up streamed to Chromium.

For any Google Chrome OS solution and schedule, please contact Google directly.

---

Linux OS:

Intel® PROSet/Wireless WiFi drivers to mitigate these vulnerabilities will be up streamed by August 10th, 2021.

Consult the regular Open Source channels to obtain this update.

Acknowledgements:

Intel would like to thank Domien Schepers for reporting CVE-2021-0053. All other issues were found internally by Intel employees. Intel would like to thank Julien Lenoir, Yaakov Cohen and Hareesh Khattri.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.