Source: firmware-nonfree
Version: 20230625-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerabilities were published for firmware-nonfree.
They are addressed in the linux-firmware/20231211 upstream version.

CVE-2023-35061[0]:
| Improper initialization for some Intel(R) PROSet/Wireless and
| Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow
| an unauthenticated user to potentially enable information disclosure
| via adjacent access.

CVE-2023-34983[1]:
| Improper input validation for some Intel(R) PROSet/Wireless and
| Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow
| an unauthenticated user to potentially enable denial of service via
| adjacent access.

CVE-2023-33875[2]:
| Improper access control for some Intel(R) PROSet/Wireless and
| Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow
| an unauthenticated user to potentially enable denial of service via
| local access.

CVE-2023-32651[3]:
| Improper validation of specified type of input for some Intel(R)
| PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before
| version 22.240 may allow an unauthenticated user to potentially
| enable denial of service via adjacent access.

CVE-2023-32644[4]:
| Protection mechanism failure for some Intel(R) PROSet/Wireless and
| Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow
| an unauthenticated user to potentially enable denial of service via
| adjacent access.

CVE-2023-32642[5]:
| Insufficient adherence to expected conventions for some Intel(R)
| PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before
| version 22.240 may allow an unauthenticated user to potentially
| enable denial of service via adjacent access.

CVE-2023-28720[6]:
| Improper initialization for some Intel(R) PROSet/Wireless and
| Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow
| an unauthenticated user to potentially enable denial of service via
| adjacent access.

CVE-2023-28374[7]:
| Improper input validation for some Intel(R) PROSet/Wireless and
| Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow
| an unauthenticated user to potentially enable denial of service via
| adjacent access.

CVE-2023-26586[8]:
| Uncaught exception for some Intel(R) PROSet/Wireless and Intel(R)
| Killer(TM) Wi-Fi software before version 22.240 may allow an
| unauthenticated user to potentially enable denial of service via
| adjacent access.

CVE-2023-25951[9]:
| Improper input validation for some Intel(R) PROSet/Wireless and
| Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow a
| privileged user to potentially enable escalation of privilege via
| local access.

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-35061
    https://www.cve.org/CVERecord?id=CVE-2023-35061
[1] https://security-tracker.debian.org/tracker/CVE-2023-34983
    https://www.cve.org/CVERecord?id=CVE-2023-34983
[2] https://security-tracker.debian.org/tracker/CVE-2023-33875
    https://www.cve.org/CVERecord?id=CVE-2023-33875
[3] https://security-tracker.debian.org/tracker/CVE-2023-32651
    https://www.cve.org/CVERecord?id=CVE-2023-32651
[4] https://security-tracker.debian.org/tracker/CVE-2023-32644
    https://www.cve.org/CVERecord?id=CVE-2023-32644
[5] https://security-tracker.debian.org/tracker/CVE-2023-32642
    https://www.cve.org/CVERecord?id=CVE-2023-32642
[6] https://security-tracker.debian.org/tracker/CVE-2023-28720
    https://www.cve.org/CVERecord?id=CVE-2023-28720
[7] https://security-tracker.debian.org/tracker/CVE-2023-28374
    https://www.cve.org/CVERecord?id=CVE-2023-28374
[8] https://security-tracker.debian.org/tracker/CVE-2023-26586
    https://www.cve.org/CVERecord?id=CVE-2023-26586
[9] https://security-tracker.debian.org/tracker/CVE-2023-25951
    https://www.cve.org/CVERecord?id=CVE-2023-25951

Regards,
Salvatore