-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2023.5614
                     firmware-nonfree security update
                              3 October 2023

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           firmware-nonfree
Publisher:         Debian
Operating System:  Debian GNU/Linux
Resolution:        Patch/Upgrade
CVE Names:         CVE-2022-46329 CVE-2022-40964 CVE-2022-38076
                   CVE-2022-36351 CVE-2022-27635 CVE-2022-4096

Original Bulletin: 
   https://lists.debian.org/debian-lts-announce/2023/09/msg00043.html

Comment: CVSS (Max):  8.2 CVE-2022-46329 (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)
         CVSS Source: NIST, [Intel Corporation]
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

- --------------------------BEGIN INCLUDED TEXT--------------------

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3596-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                         Tobias Frost
September 30, 2023                            https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : firmware-nonfree
Version        : 20190114+really20220913-0+deb10u2
CVE ID         : CVE-2022-27635 CVE-2022-36351 CVE-2022-38076 CVE-2022-40964
                 CVE-2022-46329
Debian Bug     : 1051892

Intel released the INTEL-SA-00766 advisory about potential security
vulnerabilities in some Intel PROSet/Wireless WiFi and Killer WiFi products
that may allow escalation of privilege or denial of service. The full advisory
is available at [1].

[1] https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00766.html

This updated firmware-nonfree package includes the following firmware files:
   - Intel Bluetooth AX2xx series:
       ibt-0041-0041.sfi
       ibt-19-0-0.sfi
       ibt-19-0-1.sfi
       ibt-19-0-4.sfi
       ibt-19-16-4.sfi
       ibt-19-240-1.sfi
       ibt-19-240-4.sfi
       ibt-19-32-0.sfi
       ibt-19-32-1.sfi
       ibt-19-32-4.sfi
       ibt-20-0-3.sfi
       ibt-20-1-3.sfi
       ibt-20-1-4.sfi
   - Intel Wireless 22000 series:
       iwlwifi-Qu-b0-hr-b0-77.ucode
       iwlwifi-Qu-b0-jf-b0-77.ucode
       iwlwifi-Qu-c0-hr-b0-77.ucode
       iwlwifi-Qu-c0-jf-b0-77.ucode
       iwlwifi-QuZ-a0-hr-b0-77.ucode
       iwlwifi-cc-a0-77.ucode

The updated firmware files might need an updated kernel to work. You are
encouraged to verify whether the kernel actually loaded the updated firmware
files and to take additional measures if needed.
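One way to perform that verification for the iwlwifi files listed above, as an added example that is not part of the Debian or AusCERT advisory: it assumes the kernel's usual "loaded firmware version" log line and that every updated iwlwifi file carries firmware API version 77 (the "-77.ucode" suffix); the sample log lines are constructed, not real captures.

```shell
#!/bin/sh
# Added example, not part of the Debian or AusCERT advisory.
# Checks whether the running kernel loaded iwlwifi firmware from this update.
# Assumptions: the updated iwlwifi files all carry firmware API version 77
# (the "-77.ucode" suffix in the list above), and the kernel logs the usual
# "iwlwifi ... loaded firmware version <api>.<hash>.<n> ... op_mode ..." line.

FIXED_API=77

# Print the firmware API version (integer before the first dot) of the most
# recent iwlwifi load found in kernel-log text read on stdin; print nothing
# if no load line is present.
loaded_iwlwifi_api() {
    sed -n 's/.*iwlwifi.*loaded firmware version \([0-9][0-9]*\)\..*/\1/p' | tail -n 1
}

# Exit 0 when the loaded API version is at least FIXED_API, 1 when an older
# firmware is loaded, 2 when the log shows no iwlwifi firmware load at all.
iwlwifi_firmware_ok() {
    api=$(printf '%s\n' "$1" | loaded_iwlwifi_api)
    [ -n "$api" ] || return 2
    [ "$api" -ge "$FIXED_API" ]
}

# Constructed sample log lines (not real captures), for offline use.
SAMPLE_OLD='[    3.1] iwlwifi 0000:00:14.3: loaded firmware version 72.daa05125.0 cc-a0-72.ucode op_mode iwlmvm'
SAMPLE_NEW='[    3.1] iwlwifi 0000:00:14.3: loaded firmware version 77.0f5f87ef.0 cc-a0-77.ucode op_mode iwlmvm'

# On a live Debian host, run with --live to inspect the real kernel log.
if [ "${1:-}" = "--live" ]; then
    log=$(dmesg 2>/dev/null || cat /var/log/kern.log 2>/dev/null)
    rc=0
    iwlwifi_firmware_ok "$log" || rc=$?
    case $rc in
        0) echo "iwlwifi: updated firmware (API >= $FIXED_API) is loaded" ;;
        1) echo "iwlwifi: an older firmware is still loaded; reload the module or reboot" >&2; exit 1 ;;
        *) echo "iwlwifi: no firmware load logged; check the kernel version and /lib/firmware" >&2; exit 2 ;;
    esac
fi
```

A status of 2 on a machine that does have Intel WiFi usually means the kernel is too old to load the 77-series files, which is the case the advisory warns about.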


CVE-2022-27635

    Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM)
    WiFi software may allow a privileged user to potentially enable escalation of
    privilege via local access.

CVE-2022-36351

    Improper input validation in some Intel(R) PROSet/Wireless WiFi and Killer(TM)
    WiFi software may allow an unauthenticated user to potentially enable denial of
    service via adjacent access.

CVE-2022-38076

    Improper input validation in some Intel(R) PROSet/Wireless WiFi and Killer(TM)
    WiFi software may allow an authenticated user to potentially enable escalation
    of privilege via local access.

CVE-2022-40964

    Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM)
    WiFi software may allow a privileged user to potentially enable escalation of
    privilege via local access.

CVE-2022-46329

    Protection mechanism failure for some Intel(R) PROSet/Wireless WiFi software
    may allow a privileged user to potentially enable escalation of privilege via
    local access.

For Debian 10 buster, these problems have been fixed in version
20190114+really20220913-0+deb10u2.

We recommend that you upgrade your firmware-nonfree packages.

For the detailed security status of firmware-nonfree please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/firmware-nonfree

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

- -----BEGIN PGP SIGNATURE-----
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: https://auscert.org.au/gpg-key/
-----END PGP SIGNATURE-----