Source: firmware-nonfree X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security
Hi, The following vulnerabilities were published for firmware-nonfree, all fixed in linux-firmware/20230804 : CVE-2022-27635[0]: | Improper access control for some Intel(R) PROSet/Wireless WiFi and | Killer(TM) WiFi software may allow a privileged user to potentially | enable escalation of privilege via local access. CVE-2022-36351[1]: | Improper input validation in some Intel(R) PROSet/Wireless WiFi and | Killer(TM) WiFi software may allow an unauthenticated user to | potentially enable denial of service via adjacent access. CVE-2022-38076[2]: | Improper input validation in some Intel(R) PROSet/Wireless WiFi and | Killer(TM) WiFi software may allow an authenticated user to | potentially enable escalation of privilege via local access. CVE-2022-40964[3]: | Improper access control for some Intel(R) PROSet/Wireless WiFi and | Killer(TM) WiFi software may allow a privileged user to potentially | enable escalation of privilege via local access. CVE-2022-46329[4]: | Protection mechanism failure for some Intel(R) PROSet/Wireless WiFi | software may allow a privileged user to potentially enable | escalation of privilege via local access. If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2022-27635 https://www.cve.org/CVERecord?id=CVE-2022-27635 [1] https://security-tracker.debian.org/tracker/CVE-2022-36351 https://www.cve.org/CVERecord?id=CVE-2022-36351 [2] https://security-tracker.debian.org/tracker/CVE-2022-38076 https://www.cve.org/CVERecord?id=CVE-2022-38076 [3] https://security-tracker.debian.org/tracker/CVE-2022-40964 https://www.cve.org/CVERecord?id=CVE-2022-40964 [4] https://security-tracker.debian.org/tracker/CVE-2022-46329 https://www.cve.org/CVERecord?id=CVE-2022-46329 Please adjust the affected versions in the BTS as needed.
