Debian Security Advisory

DLA-3380-1 firmware-nonfree -- LTS security update

Date Reported:
01 Apr 2023
Affected Packages:
firmware-nonfree
Vulnerable:
Yes
Security database references:
In the Debian bugtracking system: Bug 844056, Bug 877667, Bug 903437, Bug 919452, Bug 919632, Bug 927286, Bug 927917, Bug 928510, Bug 928631, Bug 928672, Bug 931930, Bug 935969, Bug 947356, Bug 956224, Bug 962972, Bug 963025, Bug 963558, Bug 964028, Bug 966025, Bug 968272, Bug 969000, Bug 971791, Bug 975726, Bug 977042, Bug 980101, Bug 982579, Bug 982757, Bug 983255, Bug 983561, Bug 984489, Bug 984852, Bug 984874, Bug 985740, Bug 985743, Bug 991500, Bug 992551, Bug 999825, Bug 1006500, Bug 1006638, Bug 1009316, Bug 1009618, Bug 1014651, Bug 1015728, Bug 1016058, Bug 1019847, Bug 1020962.
In Mitre's CVE dictionary: CVE-2020-12362, CVE-2020-12363, CVE-2020-12364, CVE-2020-24586, CVE-2020-24587, CVE-2020-24588, CVE-2021-23168, CVE-2021-23223, CVE-2021-37409, CVE-2021-44545, CVE-2022-21181.
More information:

The firmware-nonfree package has been updated to include additional firmware that may be requested by some drivers in Linux 5.10, available for Debian LTS as a backported kernel.

Some of the updated firmware files address security vulnerabilities, which may allow escalation of privilege, denial of service and information disclosure.

  • CVE-2020-24586

    (INTEL-SA-00473)

    The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances, when another device sends fragmented frames encrypted using WEP, CCMP, or GCMP, this can be abused to inject arbitrary network packets and/or exfiltrate user data.

  • CVE-2020-24587

    (INTEL-SA-00473)

    The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP encryption key is periodically renewed.

  • CVE-2020-24588

    (INTEL-SA-00473)

    The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an adversary can abuse this to inject arbitrary network packets.

  • CVE-2021-23168

    (INTEL-SA-00621)

    Out of bounds read for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi products may allow an unauthenticated user to potentially enable denial of service via adjacent access.

  • CVE-2021-23223

    (INTEL-SA-00621)

    Improper initialization for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi products may allow a privileged user to potentially enable escalation of privilege via local access.

  • CVE-2021-37409

    (INTEL-SA-00621)

    Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi products may allow a privileged user to potentially enable escalation of privilege via local access.

  • CVE-2021-44545

    (INTEL-SA-00621)

    Improper input validation for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi products may allow an unauthenticated user to potentially enable denial of service via adjacent access.

  • CVE-2022-21181

    (INTEL-SA-00621)

    Improper input validation for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi products may allow a privileged user to potentially enable escalation of privilege via local access.

The following advisories are also fixed by this upload, but need an updated Linux kernel to load the updated firmware:

  • CVE-2020-12362

    (INTEL-SA-00438)

    Integer overflow in the firmware for some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable an escalation of privilege via local access.

  • CVE-2020-12363

    (INTEL-SA-00438)

    Improper input validation in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable a denial of service via local access.

  • CVE-2020-12364

    (INTEL-SA-00438)

    Null pointer reference in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable a denial of service via local access.

For Debian 10 buster, these problems have been fixed in version 20190114+really20220913-0+deb10u1.

We recommend that you upgrade your firmware-nonfree packages.
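
To confirm the upgrade across a fleet, the following added example (not part of the advisory or of any Debian tool) checks an exported package inventory against the fixed version above, implementing Debian's general version ordering so that the `+really` suffix is compared correctly. The `<package> <version>` line format and the sample package rows are assumptions constructed for illustration.

```python
import re
from itertools import zip_longest

# Fixed version for Debian 10 buster, as stated in the advisory.
FIXED = "20190114+really20220913-0+deb10u1"
RUNS = re.compile(r"(\D*)(\d*)")  # alternating non-digit / digit runs

def _order(ch):
    """dpkg sort weight: '~' sorts before end-of-string (0), then letters, then the rest."""
    return -1 if ch == "~" else ord(ch) if ch.isalpha() else ord(ch) + 256

def _cmp_part(a, b):
    """Compare two upstream (or two revision) strings run by run."""
    for (ta, na), (tb, nb) in zip_longest(RUNS.findall(a), RUNS.findall(b), fillvalue=("", "")):
        for x, y in zip_longest(map(_order, ta), map(_order, tb), fillvalue=0):
            if x != y:
                return -1 if x < y else 1
        x, y = int(na or 0), int(nb or 0)
        if x != y:
            return -1 if x < y else 1
    return 0

def _split(version):  # '[epoch:]upstream[-revision]' -> (epoch, upstream, revision)
    head, sep, rest = version.partition(":")
    epoch, rest = (int(head), rest) if sep else (0, version)
    upstream, sep, revision = rest.rpartition("-")
    return (epoch, upstream, revision) if sep else (epoch, rest, "")

def compare(a, b):
    """Return -1, 0 or 1 following Debian version ordering."""
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)

def below_fixed(inventory, fixed=FIXED):
    """inventory: '<package> <version>' lines; return packages older than fixed."""
    rows = (line.split() for line in inventory.splitlines() if line.strip())
    return [pkg for pkg, ver in rows if compare(ver, fixed) < 0]

# Constructed sample inventory, not real host data.
SAMPLE = """\
firmware-iwlwifi 20190114-2
firmware-misc-nonfree 20190114+really20220913-0+deb10u1
firmware-realtek 20190114+really20220913-0+deb10u1~test1
"""

if __name__ == "__main__":
    print(below_fixed(SAMPLE))
```

Inventory lines in this shape can be produced with `dpkg-query -W -f='${Package} ${Version}\n'`; on the Debian host itself, `dpkg --compare-versions` performs the same comparison.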

For the detailed security status of firmware-nonfree please refer to its security tracker page at: https://security-tracker.debian.org/tracker/firmware-nonfree

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS