Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
mageiaGentoo FoundationMGASA-2022-0065
HistoryFeb 15, 2022 - 11:50 p.m.

Updated nonfree firmware packages fix security vulnerabilities

2022-02-1523:50:31
Gentoo Foundation
advisories.mageia.org
12

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

8.4 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

26.5%

JSON

This update provides new and updated nonfree firmwares and fixes at least the following security issues: Improper input validation in firmware for Intel® PROSet/Wireless Wi-Fi may allow an unauthenticated user to potentially enable escalation of privilege via local access (CVE-2021-0066 / SA-00539). Improper input validation in firmware for some Intel® PROSet/Wireless Wi-Fi may allow a privileged user to potentially enable information disclosure via local access (CVE-2021-0072 / SA-00539). Improper Validation of Specified Index, Position, or Offset in Input in firmware for some Intel® PROSet/Wireless Wi-Fi may allow a privileged user to potentially enable denial of service via local access (CVE-2021-0076 / SA-00539). Improper input validation in firmware for Intel® PROSet/Wireless Wi-Fi may allow a privileged user to potentially enable escalation of privilege via local access (CVE-2021-0161, CVE-2021-0168 / SA-00539). Improper access control in firmware for Intel® PROSet/Wireless Wi-Fi may allow an unauthenticated user to potentially enable escalation of privilege via local access (CVE-2021-0164 / SA-00539). Improper input validation in firmware for Intel® PROSet/Wireless Wi-Fi may allow an unauthenticated user to potentially enable denial of service via adjacent access (CVE-2021-0165 / SA-00539). Exposure of Sensitive Information to an Unauthorized Actor in firmware for some Intel® PROSet/Wireless Wi-Fi may allow a privileged user to potentially enable escalation of privilege via local access (CVE-2021-0166 / SA-00539). Exposure of Sensitive Information to an Unauthorized Actor in firmware for some Intel® PROSet/Wireless Wi-Fi may allow an authenticated user to potentially enable information disclosure via local access (CVE-2021-0170 / SA-00539). Improper input validation in firmware for some Intel® PROSet/Wireless Wi-Fi may allow an unauthenticated user to potentially enable denial of service via adjacent access (CVE-2021-0172 / SA-00539). Improper Validation of Consistency within input in firmware for some Intel® PROSet/Wireless Wi-Fi may allow a unauthenticated user to potentially enable denial of service via adjacent access (CVE-2021-0173 / SA-00539). Improper Use of Validation Framework in firmware for some Intel® PROSet/ Wireless Wi-Fi may allow a unauthenticated user to potentially enable denial of service via adjacent access (CVE-2021-0174 / SA-00539). Improper Validation of Specified Index, Position, or Offset in Input in firmware for some Intel® PROSet/Wireless Wi-Fi may allow an unauthenticated user to potentially enable denial of service via adjacent access (CVE-2021-0175 / SA-00539). Improper input validation in firmware for some Intel® PROSet/Wireless Wi-Fi may allow a privileged user to potentially enable denial of service via local access (CVE-2021-0176 / SA-00539). Improper conditions check in firmware for some Intel® Wireless Bluetooth® products may allow an authenticated user to potentially enable denial of service via adjacent access (CVE-2021-33139 / SA-00604). Improper input validation in firmware for some Intel® Wireless Bluetooth® products may allow an authenticated user to potentially enable denial of service via adjacent access (CVE-2021-33155 / SA-00604). Full list of firmware changes/updates: * kernel-firmware-nonfree: - cnm: add chips&media; wave521c firmware - cxgb4: Update firmware to revision 1.26.6.0 - i915: Add DMC firmware v2.16 for ADL-P - marvell: add CPT firmware images - mediatek: add firmware for MT7916 - mediatek: update firmware for MT7915 - mediatek: update firmware for MT7921 bluetooth chip - mediatek: update firmware for MT7921 WiFi device - mediatek: Update MT8173 VPU firmware to v1.1.7 - Mellanox: Add new mlxsw_spectrum firmware xx.2010.1232 - QCA: Add Bluetooth nvm file for WCN685x - QCA: Update Bluetooth WCN685x 2.0 firmware to 2.0.0-00609 - QCA: Update Bluetooth WCN685x 2.1 firmware to 2.1.0-00324 - WHENCE: add missing symlink for NanoPi R1 * iwlwifi-firmware: - add new FWs from core63-136 release - add new FWs from core66-88 release - update 9000-family firmwares to core66-88 - Update firmware file for Intel Bluetooth 9260, 9462, 9560, AX200, AX201, AX210, AX211 * radeon-firmware: - amdgpu: update yellow carp dmcub firmware * rtlwifi-firmware: - rtw88: 8822c: Update normal firmware to v9.9.11

Related

openvas 9
nessus 7
suse 2
intel 2
hp 2
nvd 16
debiancve 16
prion 16
cvelist 16
cve 16
ubuntucve 16
openvas
openvas
Mageia: Security Advisory (MGASA-2022-0065)
2022-02-16 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:0721-1)
2022-03-05 00:00:00
openSUSE: Security Advisory for kernel-firmware (openSUSE-SU-2022:1065-1)
2022-04-01 00:00:00
nessus
nessus
SUSE SLES15 Security Update : kernel-firmware (SUSE-SU-2022:0721-1)
2022-03-05 00:00:00
SUSE SLED15 / SLES15 Security Update : kernel-firmware (SUSE-SU-2022:1065-1)
2022-04-01 00:00:00
openSUSE 15 Security Update : kernel-firmware (openSUSE-SU-2022:1065-1)
2022-04-01 00:00:00
suse
suse
Security update for kernel-firmware (important)
2022-03-31 00:00:00
Security update for kernel-firmware (important)
2022-06-02 00:00:00
intel
intel
Intel® PROSet/Wireless Wi-Fi, Intel® AMT Wireless and Killer™ Wi-Fi Software Advisory
2022-02-15 00:00:00
Intel® Wireless Bluetooth® and Killer™ Bluetooth® Advisory
2022-02-08 00:00:00
hp
hp
Intel Wireless Wi-Fi February 2022 Security Update
2022-02-08 00:00:00
Intel® Wireless Bluetooth® and Killer™ Bluetooth® February 2022 Security Updates
2022-02-08 00:00:00
nvd
nvd
CVE-2021-33155
2022-02-09 23:15:15
CVE-2021-33139
2022-02-09 23:15:15
CVE-2021-0161
2022-02-09 23:15:13
debiancve
debiancve
CVE-2021-33139
2022-02-09 23:15:00
CVE-2021-33155
2022-02-09 23:15:00
CVE-2021-0172
2022-02-09 23:15:00
prion
prion
Input validation
2022-02-09 23:15:00
Input validation
2022-02-09 23:15:00
Input validation
2022-02-09 23:15:00
cvelist
cvelist
CVE-2021-33155
2022-02-09 22:04:47
CVE-2021-33139
2022-02-09 22:04:44
CVE-2021-0164
2022-02-09 22:04:20
cve
cve
CVE-2021-33155
2022-02-09 23:15:15
CVE-2021-33139
2022-02-09 23:15:15
CVE-2021-0172
2022-02-09 23:15:14
ubuntucve
ubuntucve
CVE-2021-33155
2022-02-09 00:00:00
CVE-2021-33139
2022-02-09 00:00:00
CVE-2021-0172
2022-02-09 00:00:00

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

8.4 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

26.5%

JSON
Related for MGASA-2022-0065
openvas9nessus7suse2intel2hp2nvd16debiancve16prion16cvelist16cve16ubuntucve16