Potential security vulnerabilities in some Intel® PROSet/Wireless WiFi and Killer™ WiFi products may allow escalation of privilege, denial of service or information disclosure.** **Intel is releasing firmware and software updates to mitigate these potential vulnerabilities.
CVEID: CVE-2021-33113
Description: Improper input validation for some Intel® PROSet/Wireless WiFi in multiple operating systems and Killer™ WiFi in Windows 10 & 11 may allow an unauthenticated user to potentially enable denial of service or information disclosure via adjacent access.
CVSS Base Score: 7.1 High
CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L
CVEID: CVE-2021-33115
Description: Improper input validation for some Intel® PROSet/Wireless WiFi in UEFI may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.
CVSS Base Score: 6.8 Medium
CVSS Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
CVEID: CVE-2021-33114
Description: Improper input validation for some Intel® PROSet/Wireless WiFi in multiple operating systems and Killer™ WiFi in Windows 10 & 11 may allow an authenticated user to potentially enable denial of service via adjacent access.
CVSS Base Score: 4.8 Medium
CVSS Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Intel® PROSet/Wireless Wi-Fi products with Windows WiFi drivers before version 22.80, or UEFI WiFi drivers before version 1.2.8.21337:
Killer™ Wi-Fi products with drivers before version 3.1021.733.0:
Windows:
Intel recommends updating Intel® PROSet/Wireless WiFi to version 22.80 or later.
Updates are available for download at this location:
Intel recommends updating Killer™ WiFi to version 3.1021.733.0 or later.
<https://www.intel.com/content/www/us/en/download/19779/intel-killer-performance-suite.html>
UEFI:
Intel recommends updating UEFI WiFi drivers to version 1.2.8.21337 or later.
Please contact your OEM support group to obtain the correct driver version.
Chrome OS:
Intel® PROSet/Wireless WiFi drivers to mitigate these vulnerabilities are up streamed to Chromium.
For any Google Chrome OS solution and schedule, please contact Google directly.
Linux OS:
Intel® PROSet/Wireless WiFi drivers to mitigate these vulnerabilities are up streamed to Linux.
Consult the regular Open Source channels to obtain this update.
Intel would like to thank Hongjian Cao at Ant Security Frontage Lab for reporting CVE-2021-33114. The remaining issues were found internally by Intel employees.
Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.