Lucene search

K
mageiaGentoo FoundationMGASA-2017-0472
HistoryDec 28, 2017 - 4:16 p.m.

Updated nonfree firmwares fixes security issues and adds new hw support

2017-12-2816:16:56
Gentoo Foundation
advisories.mageia.org
29

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.7

Confidence

Low

EPSS

0.201

Percentile

96.4%

Updated nonfree firmwares fixes at least the following security issues: Broadcom firmware fixes: - dropping BRCM proprietary packets received over the air (CVE-2016-0801) - adding length checks for TDLS action frames (CVE-2017-0561) - adding length checks for WME IE (CVE-2017-9417) Iwlwifi firmware fixes: - The reinstallation of the Group Temporal key could be used for replay attacks (CVE-2017-13080) - The reinstallation of the Integrity Group Temporal key could be used for replay attacks (CVE-2017-13081) This update also adds updated firmwares: * ath10k, cxgb4, liquidio, mrvl, ql2400, ql2500, wilc1000 * Amd Polaris10-12, Intel BXT/SKL/KBL/CNL and new firmwares: * Amd Vega10 and Raven * Cavium nitrox * Intel CNL/GLK, IPU3, JeffersonPeak, ThunderPeak * Mellanox Spectrum * nVidia GP108 (GTX1030) * Qualcom Adreno &Venus;, imx SDMA, * Realtek rtl8822be in order to support new hardware supported by 4.14 series kernels.

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.7

Confidence

Low

EPSS

0.201

Percentile

96.4%