
Bug#1064229: firmware-nonfree: CVE-2023-35061 CVE-2023-34983 CVE-2023-33875 CVE-2023-32651 CVE-2023-32644 CVE-2023-32642 CVE-2023-28720 CVE-2023-28374 CVE-2023-26586 CVE-2023-25951



Source: firmware-nonfree
Version: 20230625-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>

Hi,

The following vulnerabilities were published for firmware-nonfree.

They are addressed in the linux-firmware/20231211 upstream version.

CVE-2023-35061[0]:
| Improper initialization for some Intel(R) PROSet/Wireless and
| Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow
| an unauthenticated user to potentially enable information disclosure
| via adjacent access.


CVE-2023-34983[1]:
| Improper input validation for some Intel(R) PROSet/Wireless and
| Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow
| an unauthenticated user to potentially enable denial of service via
| adjacent access.


CVE-2023-33875[2]:
| Improper access control for some Intel(R) PROSet/Wireless and
| Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow
| an unauthenticated user to potentially enable denial of service via
| local access.


CVE-2023-32651[3]:
| Improper validation of specified type of input for some Intel(R)
| PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before
| version 22.240 may allow an unauthenticated user to potentially
| enable denial of service via adjacent access.


CVE-2023-32644[4]:
| Protection mechanism failure for some Intel(R) PROSet/Wireless and
| Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow
| an unauthenticated user to potentially enable denial of service via
| adjacent access.


CVE-2023-32642[5]:
| Insufficient adherence to expected conventions for some Intel(R)
| PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before
| version 22.240 may allow an unauthenticated user to potentially
| enable denial of service via adjacent access.


CVE-2023-28720[6]:
| Improper initialization for some Intel(R) PROSet/Wireless and
| Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow
| an unauthenticated user to potentially enable denial of service via
| adjacent access.


CVE-2023-28374[7]:
| Improper input validation for some Intel(R) PROSet/Wireless and
| Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow
| an unauthenticated user to potentially enable denial of service via
| adjacent access.


CVE-2023-26586[8]:
| Uncaught exception for some Intel(R) PROSet/Wireless and Intel(R)
| Killer(TM) Wi-Fi software before version 22.240 may allow an
| unauthenticated user to potentially enable denial of service via
| adjacent access.


CVE-2023-25951[9]:
| Improper input validation for some Intel(R) PROSet/Wireless and
| Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow a
| privileged user to potentially enable escalation of privilege via
| local access.


If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-35061
    https://www.cve.org/CVERecord?id=CVE-2023-35061
[1] https://security-tracker.debian.org/tracker/CVE-2023-34983
    https://www.cve.org/CVERecord?id=CVE-2023-34983
[2] https://security-tracker.debian.org/tracker/CVE-2023-33875
    https://www.cve.org/CVERecord?id=CVE-2023-33875
[3] https://security-tracker.debian.org/tracker/CVE-2023-32651
    https://www.cve.org/CVERecord?id=CVE-2023-32651
[4] https://security-tracker.debian.org/tracker/CVE-2023-32644
    https://www.cve.org/CVERecord?id=CVE-2023-32644
[5] https://security-tracker.debian.org/tracker/CVE-2023-32642
    https://www.cve.org/CVERecord?id=CVE-2023-32642
[6] https://security-tracker.debian.org/tracker/CVE-2023-28720
    https://www.cve.org/CVERecord?id=CVE-2023-28720
[7] https://security-tracker.debian.org/tracker/CVE-2023-28374
    https://www.cve.org/CVERecord?id=CVE-2023-28374
[8] https://security-tracker.debian.org/tracker/CVE-2023-26586
    https://www.cve.org/CVERecord?id=CVE-2023-26586
[9] https://security-tracker.debian.org/tracker/CVE-2023-25951
    https://www.cve.org/CVERecord?id=CVE-2023-25951

Regards,
Salvatore

