Intel® Wireless Bluetooth® and Killer™ Bluetooth® Advisory

Summary:

Potential security vulnerabilities in some Intel® Wireless Bluetooth® and Killer™ Bluetooth® products may allow denial of service. Intel is releasing firmware updates to mitigate these potential vulnerabilities.

Vulnerability Details:

CVEID: CVE-2021-33139

Description: Improper conditions check in firmware for some Intel® Wireless Bluetooth® and Killer™ Bluetooth® products before version 22.100 may allow an authenticated user to potentially enable denial of service via adjacent access.

CVSS Base Score: 5.7 Medium

CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVEID: CVE-2021-33155

Description: Improper input validation in firmware for some Intel® Wireless Bluetooth® and Killer™ Bluetooth® products before version 22.100 may allow an authenticated user to potentially enable denial of service via adjacent access.

CVSS Base Score: 5.7 Medium

CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

Intel® Wireless Bluetooth® and Killer™ Bluetooth® products with drivers before version 22.100:

• Intel® Wi-Fi 6 AX211
• Intel® Wi-Fi 6 AX210
• Intel® Wi-Fi 6 AX201
• Intel® Wi-Fi 6 AX200
• Intel® Wireless-AC 9560
• Intel® Wireless-AC 9462
• Intel® Wireless-AC 9461
• Intel® Wireless-AC 9260
• Intel® Dual Band Wireless-AC 8265
• Intel® Dual Band Wireless-AC 8260
• Intel® Dual Band Wireless-AC 3168
• Intel® Wireless 7265 (Rev D) Family
• Intel® Dual Band Wireless-AC 3165
• Killer™ Wi-Fi 6E AX1675
• Killer™ Wi-Fi 6 AX1650
• Killer™ Wireless-AC 1550

Recommendations:

Windows OS:

Intel recommends updating the affected Intel® Wireless Bluetooth® and Killer™ Bluetooth® products to version 22.100 or later.

Windows 10 and Windows 11 updates are available for download at this location:

<https://www.intel.com/content/www/us/en/download/18649/intel-wireless-bluetooth-for-windows-10-and-windows-11.html&gt;

---

Chrome OS:

Updates to mitigate these vulnerabilities are up streamed to Chromium.

For any Google Chrome OS solution and schedule, please contact Google directly.

Killer™ Products are not applicable for Chrome OS.

---

Linux OS:

Updates to mitigate these vulnerabilities are up streamed to Linux.

Consult the regular opensource channels to obtain this update.

Killer™ Products are not applicable for Linux OS.

Acknowledgements:

Intel would like to thank Matheus Eduardo Garbelini and Sudipta Chattopadhyay from the Singapore University of Technology and Design for reporting these issues.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.