Intel® PROSet/Wireless and Intel® KillerTM Wi-Fi Software Advisory

Summary:

Potential security vulnerabilities in some Intel® PROSet/Wireless and Intel® Killer™ Wi-Fi software may allow escalation of privilege, information disclosure or denial of service. Intel is releasing software updates to mitigate these potential vulnerabilities.

Vulnerability Details:

CVEID: CVE-2023-33875

Description: Improper access control for some Intel® PROSet/Wireless and Intel® Killer™ Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via local access…

CVSS Base Score: 7.1 High

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

CVEID: CVE-2023-28374

Description: Improper input validation for some Intel® PROSet/Wireless and Intel® Killer™ Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access.

CVSS Base Score: 6.1 Medium

CVSS Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H

CVEID: CVE-2023-28720

Description: Improper initialization for some Intel® PROSet/Wireless and Intel® Killer™ Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access…

CVSS Base Score: 6.1 Medium

CVSS Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H

CVEID: CVE-2023-25951

Description: Improper input validation for some Intel® PROSet/Wireless and Intel® Killer™ Wi-Fi software before version 22.240 may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS Base Score: 6.0 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

CVEID: CVE-2023-32642

Description: Insufficient adherence to expected conventions for some Intel® PROSet/Wireless and Intel® Killer™ Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access.

CVSS Base Score: 4.3 Medium

CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CVEID: CVE-2023-34983

Description: Improper input validation for some Intel® PROSet/Wireless and Intel® Killer™ Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access.

CVSS Base Score: 4.3 Medium

CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CVEID: CVE-2023-35061

Description: Improper initialization for some Intel® PROSet/Wireless and Intel® Killer™ Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable information disclosure via adjacent access.

CVSS Base Score: 4.3 Medium

CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVEID: CVE-2023-32651

Description: Improper validation of specified type of input for some Intel® PROSet/Wireless and Intel® Killer™ Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access.

CVSS Base Score: 4.3 Medium

CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CVEID: CVE-2023-32644

Description: Protection mechanism failure for some Intel® PROSet/Wireless and Intel® Killer™ Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access.

CVSS Base Score: 4.3 Medium

CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CVEID: CVE-2023-26586

Description: Uncaught exception for some Intel® PROSet/Wireless and Intel® Killer™ Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access.

CVSS Base Score: 4.3 Medium

CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:

Intel® PROSet/Wireless Wi-Fi software before version 22.240. Intel® Killer™ Wi-Fi software before version3.1423.712

CVE ID	Affected Products	Affected OS
CVE-2023-33875

CVE-2023-28720

CVE-2023-32642

CVE-2023-32644

CVE-2023-34983 | Intel® Wi-Fi 6 AX200

Intel® Wi-Fi 6 AX201

Intel® Wi-Fi 6E AX210

Intel® Wi-Fi 6E AX211

Intel® Wi-Fi 6E AX411

Intel® Killer™ Wi-Fi 6 AX1650

Intel® Killer™ Wi-Fi 6E AX1675

Intel® Killer™ Wi-Fi 6E AX1690 | Windows 10 & 11
CVE-2023-35061 | Intel® Wi-Fi 6 AX200

Intel® Wi-Fi 6 AX201

Intel® Wi-Fi 6E AX210

Intel® Wi-Fi 6E AX211

Intel® Wi-Fi 6E AX411

Intel® Wireless-AC 9260

Intel® Wireless-AC 9560

Intel® Killer™ Wi-Fi 6 AX1650

Intel® Killer™ Wi-Fi 6E AX1675

Intel® Killer™ Wi-Fi 6E AX1690 | Windows 10 & 11

Linux

Chrome
CVE-2023-28374

CVE-2023-25951

CVE-2023-26586

CVE-2023-32651 | Intel® Wi-Fi 6E AX210

Intel® Wi-Fi 6E AX211

Intel® Wi-Fi 6E AX411

Intel® Killer™ Wi-Fi 6E AX1675

Intel® Killer™ Wi-Fi 6E AX1690 | Windows 10 & 11

Recommendation:

Windows:

Intel recommends updating Intel® PROSet/Wireless Wi-Fi software to version 22.240 or later.

Updates are available for download at this location:

<https://www.intel.com/content/www/us/en/secure/design/confidential/software-kits/kit-details.html?kitId=781804&gt;

Intel recommends updating Intel® Killer™ Wi-Fi software to version 3.1423.712 or later.

Updates for Intel® Killer™ products are available for download at this location:

<https://www.intel.com/content/www/us/en/secure/design/confidential/software-kits/kit-details.html?kitId=782847&gt;

Chrome OS:

Intel® PROSet/Wireless Wi-Fi drivers to mitigate this vulnerability will be up streamed to Chromium by September 19, 2023.

For any Google Chrome OS solution and schedule, please contact Google directly.

Linux OS:

Intel® PROSet/Wireless Wi-Fi drivers to mitigate this vulnerability will be up streamed by November 11, 2023.

Consult the regular open-source channels to obtain this update.

Acknowledgements:

These issues were found internally by Intel employees.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.