From ac84595f1d66d8a24f5ddfa66ebebafa69bafb25 Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso Date: Sun, 20 Feb 2022 20:53:03 +0100 Subject: Track for now several of the INTEL-SA-00539 issues for firmware-nonfree Detail for now remain unclear but for INTEL-SA-00539 the advisory explicitly refers to firwmare present in the firmware-nonfree source. Details on which upstream version fixes it remain unclear. Link: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html --- data/CVE/2021.list | 88 ++++++++++++++++++++++++++++++++++++++++-------------- 1 file changed, 66 insertions(+), 22 deletions(-) (limited to 'data/CVE/2021.list') diff --git a/data/CVE/2021.list b/data/CVE/2021.list index bb930e768a..f77420f909 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list @@ -70597,7 +70597,9 @@ CVE-2021-0185 CVE-2021-0184 RESERVED CVE-2021-0183 (Improper Validation of Specified Index, Position, or Offset in Input i ...) - TODO: check + - firmware-nonfree + NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html + TODO: check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree CVE-2021-0182 (Uncontrolled resource consumption in the Intel(R) HAXM software before ...) NOT-FOR-US: Intel Hardware Accelerated Execution Manager CVE-2021-0181 @@ -70605,43 +70607,79 @@ CVE-2021-0181 CVE-2021-0180 (Uncontrolled resource consumption in the Intel(R) HAXM software before ...) NOT-FOR-US: Intel Hardware Accelerated Execution Manager CVE-2021-0179 (Improper Use of Validation Framework in software for Intel(R) PROSet/W ...) - TODO: check + - firmware-nonfree + NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html + TODO: check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree CVE-2021-0178 (Improper input validation in software for Intel(R) PROSet/Wireless Wi- ...) - TODO: check + - firmware-nonfree + NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html + TODO: check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree CVE-2021-0177 (Improper Validation of Consistency within input in software for Intel( ...) TODO: check CVE-2021-0176 (Improper input validation in firmware for some Intel(R) PROSet/Wireles ...) - TODO: check + - firmware-nonfree + NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html + TODO: check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree CVE-2021-0175 (Improper Validation of Specified Index, Position, or Offset in Input i ...) - TODO: check + - firmware-nonfree + NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html + TODO: check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree CVE-2021-0174 (Improper Use of Validation Framework in firmware for some Intel(R) PRO ...) - TODO: check + - firmware-nonfree + NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html + TODO: check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree CVE-2021-0173 (Improper Validation of Consistency within input in firmware for some I ...) - TODO: check + - firmware-nonfree + NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html + TODO: check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree CVE-2021-0172 (Improper input validation in firmware for some Intel(R) PROSet/Wireles ...) - TODO: check + - firmware-nonfree + NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html + TODO: check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree CVE-2021-0171 (Improper access control in software for Intel(R) PROSet/Wireless Wi-Fi ...) - TODO: check + - firmware-nonfree + NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html + TODO: check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree CVE-2021-0170 (Exposure of Sensitive Information to an Unauthorized Actor in firmware ...) - TODO: check + - firmware-nonfree + NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html + TODO: check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree CVE-2021-0169 (Uncontrolled Search Path Element in software for Intel(R) PROSet/Wirel ...) - TODO: check + - firmware-nonfree + NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html + TODO: check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree CVE-2021-0168 (Improper input validation in firmware for some Intel(R) PROSet/Wireles ...) - TODO: check + - firmware-nonfree + NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html + TODO: check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree CVE-2021-0167 (Improper access control in software for Intel(R) PROSet/Wireless Wi-Fi ...) - TODO: check + - firmware-nonfree + NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html + TODO: check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree CVE-2021-0166 (Exposure of Sensitive Information to an Unauthorized Actor in firmware ...) - TODO: check + - firmware-nonfree + NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html + TODO: check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree CVE-2021-0165 (Improper input validation in firmware for Intel(R) PROSet/Wireless Wi- ...) - TODO: check + - firmware-nonfree + NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html + TODO: check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree CVE-2021-0164 (Improper access control in firmware for Intel(R) PROSet/Wireless Wi-Fi ...) - TODO: check + - firmware-nonfree + NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html + TODO: check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree CVE-2021-0163 (Improper Validation of Consistency within input in software for Intel( ...) - TODO: check + - firmware-nonfree + NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html + TODO: check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree CVE-2021-0162 (Improper input validation in software for Intel(R) PROSet/Wireless Wi- ...) - TODO: check + - firmware-nonfree + NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html + TODO: check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree CVE-2021-0161 (Improper input validation in firmware for Intel(R) PROSet/Wireless Wi- ...) - TODO: check + - firmware-nonfree + NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html + TODO: check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree CVE-2021-0160 (Uncontrolled search path in some Intel(R) NUC Pro Chassis Element Aver ...) NOT-FOR-US: Intel CVE-2021-0159 @@ -70836,7 +70874,9 @@ CVE-2021-0078 (Improper input validation in software for some Intel(R) PROSet/Wi CVE-2021-0077 (Insecure inherited permissions in the installer for the Intel(R) VTune ...) NOT-FOR-US: Intel CVE-2021-0076 (Improper Validation of Specified Index, Position, or Offset in Input i ...) - TODO: check + - firmware-nonfree + NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html + TODO: check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree CVE-2021-0075 (Out-of-bounds write in firmware for some Intel(R) PROSet/Wireless WiFi ...) NOT-FOR-US: Intel CVE-2021-0074 (Improper permissions in the installer for the Intel(R) Computing Impro ...) @@ -70844,7 +70884,9 @@ CVE-2021-0074 (Improper permissions in the installer for the Intel(R) Computing CVE-2021-0073 (Insufficient control flow management in Intel(R) DSA before version 20 ...) NOT-FOR-US: Intel CVE-2021-0072 (Improper input validation in firmware for some Intel(R) PROSet/Wireles ...) - TODO: check + - firmware-nonfree + NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html + TODO: check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree CVE-2021-0071 (Improper input validation in firmware for some Intel(R) PROSet/Wireles ...) NOT-FOR-US: Intel CVE-2021-0070 (Improper input validation in the BMC firmware for Intel(R) Server Boar ...) @@ -70856,7 +70898,9 @@ CVE-2021-0068 CVE-2021-0067 ( Improper access control in system firmware for some Intel(R) ...) NOT-FOR-US: Intel CVE-2021-0066 (Improper input validation in firmware for Intel(R) PROSet/Wireless Wi- ...) - TODO: check + - firmware-nonfree + NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html + TODO: check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree CVE-2021-0065 (Incorrect default permissions in the Intel(R) PROSet/Wireless WiFi sof ...) NOT-FOR-US: Intel CVE-2021-0064 (Insecure inherited permissions in the Intel(R) PROSet/Wireless WiFi so ...) -- cgit v1.2.3