Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

Mageia 2022-0065 Security Update: Fixes For Important Firmware Issues

mageia
Calendar Grey February 15, 2022
Dist Mageia Esm H88
Mageia 2022-0066 rolls out a new nonfree firmware patch that mitigates several vulnerabilities related to potential unauthorized data breaches.
This update provides new and updated nonfree firmwares and fixes atleast the following security issues: Improper input validation in firmware for Intel(R) PROSet/Wireless Wi-Fi ma...

Summary

This update provides new and updated nonfree firmwares and fixes atleast the following security issues:
Improper input validation in firmware for Intel(R) PROSet/Wireless Wi-Fi may allow an unauthenticated user to potentially enable escalation of privilege via local access (CVE-2021-0066 / SA-00539).
Improper input validation in firmware for some Intel(R) PROSet/Wireless Wi-Fi may allow a privileged user to potentially enable information disclosure via local access (CVE-2021-0072 / SA-00539).
Improper Validation of Specified Index, Position, or Offset in Input in firmware for some Intel(R) PROSet/Wireless Wi-Fi may allow a privileged user to potentially enable denial of service via local access (CVE-2021-0076 / SA-00539).
Improper input validation in firmware for Intel(R) PROSet/Wireless Wi-Fi may allow a privileged user to potentially enable escalation of privilege via local access (CVE-2021-0161, CVE-2021-0168 / SA-00539).
Improper access control in firmware for Intel(R) PROSet/Wi...

Read the Full Advisory

References

- https://bugs.mageia.org/show_bug.cgi?id=30038

- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html

- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00604.html

- https://www.cve.org/CVERecord?id=CVE-2021-0066

- https://www.cve.org/CVERecord?id=CVE-2021-0072

- https://www.cve.org/CVERecord?id=CVE-2021-0076

- https://www.cve.org/CVERecord?id=CVE-2021-0161

- https://www.cve.org/CVERecord?id=CVE-2021-0164

- https://www.cve.org/CVERecord?id=CVE-2021-0165

- https://www.cve.org/CVERecord?id=CVE-2021-0166

- https://www.cve.org/CVERecord?id=CVE-2021-0168

- https://www.cve.org/CVERecord?id=CVE-2021-0170

- https://www.cve.org/CVERecord?id=CVE-2021-0172

- https://www.cve.org/CVERecord?id=CVE-2021-0173

- https://www.cve.org/CVERecord?id=CVE-2021-0174

- https://www.cve.org/CVERecord?id=CVE-2021-0175

- https://www.cve.org/CVERecord?id=CVE-2021-0176

- https://www.cve.org/CVERecord?id=CVE-2021-33139

- https://www.cve.org/CVERecord?id=CVE-2021-33155

Topics%20covered

Topics Covered

security advisory denial of service local access information disclosure firmware update Mageia escalation of privilege

Resolution

SRPMS

- 8/nonfree/kernel-firmware-nonfree-20220209-1.mga8.nonfree

- 8/nonfree/radeon-firmware-20220209-1.mga8.nonfree

Severity
important
Lowest
Low
Medium
High
Critical

Publication date: 15 Feb 2022
URL: https://advisories.mageia.org/MGASA-2022-0065.html
Type: security
CVE: CVE-2021-0066, CVE-2021-0072, CVE-2021-0076, CVE-2021-0161, CVE-2021-0164, CVE-2021-0165, CVE-2021-0166, CVE-2021-0168, CVE-2021-0170, CVE-2021-0172, CVE-2021-0173, CVE-2021-0174, CVE-2021-0175, CVE-2021-0176, CVE-2021-33139, CVE-2021-33155

Topics%20covered

Topics Covered

security advisory denial of service local access information disclosure firmware update Mageia escalation of privilege

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here