cbcvebase.

Debian Firmware-Nonfree vulnerabilities

36 known vulnerabilities affecting debian/firmware-nonfree.

Total CVEs
36
CISA KEV
0
Public exploits
3
Exploited in wild
1
Severity breakdown
CRITICAL3HIGH7MEDIUM18LOW8

Vulnerabilities

Page 1 of 2
CVE-2018-5383P1MEDIUMCVSS 6.8ExploitedRansomwarefixed in firmware-nonfree 20190114-1 (bookworm)2018
CVE-2018-5383 [MEDIUM] CVE-2018-5383: firmware-nonfree - Bluetooth firmware or operating system software drivers in macOS versions before... Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryptio
debian
CVE-2017-9417P1CRITICALCVSS 9.8PoCfixed in firmware-nonfree 20180518-1 (bookworm)2017
CVE-2017-9417 [CRITICAL] CVE-2017-9417: firmware-nonfree - Broadcom BCM43xx Wi-Fi chips allow remote attackers to execute arbitrary code vi... Broadcom BCM43xx Wi-Fi chips allow remote attackers to execute arbitrary code via unspecified vectors, aka the "Broadpwn" issue. Scope: local bookworm: resolved (fixed in 20180518-1) bullseye: resolved (fixed in 20180518-1) forky: resolved (fixed in 20180518-1) sid: resolved (fixed in 20180518-1) trixie: resolved (fixed in 20180518-1)
debian
CVE-2017-0561P2CRITICALCVSS 9.8PoCfixed in firmware-nonfree 20180518-1 (bookworm)2017
CVE-2017-0561 [CRITICAL] CVE-2017-0561: firmware-nonfree - A remote code execution vulnerability in the Broadcom Wi-Fi firmware could enabl... A remote code execution vulnerability in the Broadcom Wi-Fi firmware could enable a remote attacker to execute arbitrary code within the context of the Wi-Fi SoC. This issue is rated as Critical due to the possibility of remote code execution in the context of the Wi-Fi SoC. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34199105. Ref
debian
CVE-2016-0801P2CRITICALCVSS 9.8PoCfixed in firmware-nonfree 20180518-1 (bookworm)2016
CVE-2016-0801 [CRITICAL] CVE-2016-0801: firmware-nonfree - The Broadcom Wi-Fi driver in the kernel in Android 4.x before 4.4.4, 5.x before ... The Broadcom Wi-Fi driver in the kernel in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted wireless control message packets, aka internal bug 25662029. Scope: local bookworm: resolved (fixed in 20180518-1) bullseye: r
debian
CVE-2022-21181P3HIGHCVSS 7.8fixed in firmware-nonfree 20220913-1 (bookworm)2022
CVE-2022-21181 [HIGH] CVE-2022-21181: firmware-nonfree - Improper input validation for some Intel(R) PROSet/Wireless WiFi and Killer(TM) ... Improper input validation for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi products may allow a privileged user to potentially enable escalation of privilege via local access. Scope: local bookworm: resolved (fixed in 20220913-1) bullseye: open forky: resolved (fixed in 20220913-1) sid: resolved (fixed in 20220913-1) trixie: resolved (fixed in 202
debian
CVE-2020-12362P3HIGHCVSS 7.8fixed in firmware-nonfree 20210208-1 (bookworm)2020
CVE-2020-12362 [HIGH] CVE-2020-12362: firmware-nonfree - Integer overflow in the firmware for some Intel(R) Graphics Drivers for Windows ... Integer overflow in the firmware for some Intel(R) Graphics Drivers for Windows * before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable an escalation of privilege via local access. Scope: local bookworm: resolved (fixed in 20210208-1) bullseye: resolved (fixed in 20210208-1) forky: resolved (fixe
debian
CVE-2021-23223P3HIGHCVSS 7.8fixed in firmware-nonfree 20220913-1 (bookworm)2021
CVE-2021-23223 [HIGH] CVE-2021-23223: firmware-nonfree - Improper initialization for some Intel(R) PROSet/Wireless WiFi and Killer(TM) Wi... Improper initialization for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi products may allow a privileged user to potentially enable escalation of privilege via local access. Scope: local bookworm: resolved (fixed in 20220913-1) bullseye: open forky: resolved (fixed in 20220913-1) sid: resolved (fixed in 20220913-1) trixie: resolved (fixed in 20220
debian
CVE-2022-38076P3LOWCVSS 3.8fixed in firmware-nonfree 20240610-1 (forky)2022
CVE-2022-38076 [LOW] CVE-2022-38076: firmware-nonfree - Improper input validation in some Intel(R) PROSet/Wireless WiFi and Killer(TM) W... Improper input validation in some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow an authenticated user to potentially enable escalation of privilege via local access. Scope: local bookworm: open bullseye: open forky: resolved (fixed in 20240610-1) sid: resolved (fixed in 20240610-1) trixie: resolved (fixed in 20240610-1)
debian
CVE-2021-37409P3HIGHCVSS 7.8fixed in firmware-nonfree 20220913-1 (bookworm)2021
CVE-2021-37409 [HIGH] CVE-2021-37409: firmware-nonfree - Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) Wi... Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi products may allow a privileged user to potentially enable escalation of privilege via local access. Scope: local bookworm: resolved (fixed in 20220913-1) bullseye: open forky: resolved (fixed in 20220913-1) sid: resolved (fixed in 20220913-1) trixie: resolved (fixed in 20220
debian
CVE-2017-13077P4MEDIUMCVSS 6.8fixed in firmware-nonfree 20180825-1 (bookworm)2017
CVE-2017-13077 [MEDIUM] CVE-2017-13077: firmware-nonfree - Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Pairwise Tran... Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the four-way handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames. Scope: local bookworm: resolved (fixed in 20180825-1) bullseye: resolved (fixed in 20180825-1) forky: resolved (fixed in 20180825-1) si
debian
CVE-2017-13079P4MEDIUMCVSS 5.3fixed in firmware-nonfree 20180825-1 (bookworm)2017
CVE-2017-13079 [MEDIUM] CVE-2017-13079: firmware-nonfree - Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstal... Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the four-way handshake, allowing an attacker within radio range to spoof frames from access points to clients. Scope: local bookworm: resolved (fixed in 20180825-1) bullseye: resolved (fixed in 20180825-1) forky: resolve
debian
CVE-2023-4969P4MEDIUMCVSS 6.5fixed in firmware-nonfree 20240610-1 (forky)2023
CVE-2023-4969 [MEDIUM] CVE-2023-4969: firmware-nonfree - A GPU kernel can read sensitive data from another GPU kernel (even from another ... A GPU kernel can read sensitive data from another GPU kernel (even from another user or app) through an optimized GPU memory region called _local memory_ on various architectures. Scope: local bookworm: open bullseye: open forky: resolved (fixed in 20240610-1) sid: resolved (fixed in 20240610-1) trixie: resolved (fixed in 20240610-1)
debian
CVE-2017-13078P4MEDIUMCVSS 5.3fixed in firmware-nonfree 20180825-1 (bookworm)2017
CVE-2017-13078 [MEDIUM] CVE-2017-13078: firmware-nonfree - Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Tempora... Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the four-way handshake, allowing an attacker within radio range to replay frames from access points to clients. Scope: local bookworm: resolved (fixed in 20180825-1) bullseye: resolved (fixed in 20180825-1) forky: resolved (fixed in 20180825-1) sid: resolved
debian
CVE-2017-13080P4MEDIUMCVSS 5.3fixed in firmware-nonfree 20180825-1 (bookworm)2017
CVE-2017-13080 [MEDIUM] CVE-2017-13080: firmware-nonfree - Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Tempora... Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients. Scope: local bookworm: resolved (fixed in 20180825-1) bullseye: resolved (fixed in 20180825-1) forky: resolved (fixed in 20180825-1) sid: resolve
debian
CVE-2017-13081P4MEDIUMCVSS 5.3fixed in firmware-nonfree 20180825-1 (bookworm)2017
CVE-2017-13081 [MEDIUM] CVE-2017-13081: firmware-nonfree - Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstal... Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the group key handshake, allowing an attacker within radio range to spoof frames from access points to clients. Scope: local bookworm: resolved (fixed in 20180825-1) bullseye: resolved (fixed in 20180825-1) forky: resolv
debian
CVE-2025-26402P4LOWCVSS 6.8fixed in firmware-nonfree 20250410-1 (forky)2025
CVE-2025-26402 [MEDIUM] CVE-2025-26402: firmware-nonfree - Protection mechanism failure for some Intel(R) NPU Drivers within Ring 3: User A... Protection mechanism failure for some Intel(R) NPU Drivers within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are not present without special
debian
CVE-2022-46329P4HIGHCVSS 8.2fixed in firmware-nonfree 20240610-1 (forky)2022
CVE-2022-46329 [HIGH] CVE-2022-46329: firmware-nonfree - Protection mechanism failure for some Intel(R) PROSet/Wireless WiFi software may... Protection mechanism failure for some Intel(R) PROSet/Wireless WiFi software may allow a privileged user to potentially enable escalation of privilege via local access. Scope: local bookworm: open bullseye: open forky: resolved (fixed in 20240610-1) sid: resolved (fixed in 20240610-1) trixie: resolved (fixed in 20240610-1)
debian
CVE-2022-27635P4HIGHCVSS 8.2fixed in firmware-nonfree 20240610-1 (forky)2022
CVE-2022-27635 [HIGH] CVE-2022-27635: firmware-nonfree - Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) Wi... Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow a privileged user to potentially enable escalation of privilege via local access. Scope: local bookworm: open bullseye: open forky: resolved (fixed in 20240610-1) sid: resolved (fixed in 20240610-1) trixie: resolved (fixed in 20240610-1)
debian
CVE-2022-40964P4HIGHCVSS 7.9fixed in firmware-nonfree 20240610-1 (forky)2022
CVE-2022-40964 [HIGH] CVE-2022-40964: firmware-nonfree - Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) Wi... Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow a privileged user to potentially enable escalation of privilege via local access. Scope: local bookworm: open bullseye: open forky: resolved (fixed in 20240610-1) sid: resolved (fixed in 20240610-1) trixie: resolved (fixed in 20240610-1)
debian
CVE-2020-24586P4LOWCVSS 3.5fixed in firmware-nonfree 20210818-1 (bookworm)2020
CVE-2020-24586 [LOW] CVE-2020-24586: firmware-nonfree - The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) ... The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances, when another device sends fragmented frames encrypted using WEP, CCMP, or GCMP, this can be abused to inject arbitra
debian
Debian Firmware-Nonfree vulnerabilities | cvebase