You do not have permission to delete messages in this group
Copy link
Report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to
Source: firmware-nonfree
Version: 20230625-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <te...@security.debian.org>
Hi,
The following vulnerabilities were published for firmware-nonfree.
They are addressed in the linux-firmware/20231211 upstream version.
CVE-2023-35061[0]:
| Improper initialization for some Intel(R) PROSet/Wireless and
| Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow
| an unauthenticated user to potentially enable information disclosure
| via adjacent access.
CVE-2023-34983[1]:
| Improper input validation for some Intel(R) PROSet/Wireless and
| Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow
| an unauthenticated user to potentially enable denial of service via
| adjacent access.
CVE-2023-33875[2]:
| Improper access control for some Intel(R) PROSet/Wireless and
| Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow
| an unauthenticated user to potentially enable denial of service via
| local access..
CVE-2023-32651[3]:
| Improper validation of specified type of input for some Intel(R)
| PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before
| version 22.240 may allow an unauthenticated user to potentially
| enable denial of service via adjacent access.
CVE-2023-32644[4]:
| Protection mechanism failure for some Intel(R) PROSet/Wireless and
| Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow
| an unauthenticated user to potentially enable denial of service via
| adjacent access.
CVE-2023-32642[5]:
| Insufficient adherence to expected conventions for some Intel(R)
| PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before
| version 22.240 may allow an unauthenticated user to potentially
| enable denial of service via adjacent access.
CVE-2023-28720[6]:
| Improper initialization for some Intel(R) PROSet/Wireless and
| Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow
| an unauthenticated user to potentially enable denial of service via
| adjacent access..
CVE-2023-28374[7]:
| Improper input validation for some Intel(R) PROSet/Wireless and
| Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow
| an unauthenticated user to potentially enable denial of service via
| adjacent access.
CVE-2023-26586[8]:
| Uncaught exception for some Intel(R) PROSet/Wireless and Intel(R)
| Killer(TM) Wi-Fi software before version 22.240 may allow an
| unauthenticated user to potentially enable denial of service via
| adjacent access.
CVE-2023-25951[9]:
| Improper input validation for some Intel(R) PROSet/Wireless and
| Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow a
| privileged user to potentially enable escalation of privilege via
| local access.
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.