cbcvebase.

Debian Firmware-Nonfree vulnerabilities

36 known vulnerabilities affecting debian/firmware-nonfree.

Total CVEs
36
CISA KEV
0
Public exploits
3
Exploited in wild
1
Severity breakdown
CRITICAL3HIGH7MEDIUM18LOW8

Vulnerabilities

Page 2 of 2
CVE-2022-36351P4MEDIUMCVSS 4.3fixed in firmware-nonfree 20240610-1 (forky)2022
CVE-2022-36351 [MEDIUM] CVE-2022-36351: firmware-nonfree - Improper input validation in some Intel(R) PROSet/Wireless WiFi and Killer(TM) W... Improper input validation in some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow an unauthenticated user to potentially enable denial of service via adjacent access. Scope: local bookworm: open bullseye: open forky: resolved (fixed in 20240610-1) sid: resolved (fixed in 20240610-1) trixie: resolved (fixed in 20240610-1)
debian
CVE-2024-24984P4MEDIUMCVSS 6.8fixed in firmware-nonfree 20240610-1 (forky)2024
CVE-2024-24984 [MEDIUM] CVE-2024-24984: firmware-nonfree - Improper input validation for some Intel(R) Wireless Bluetooth(R) products for W... Improper input validation for some Intel(R) Wireless Bluetooth(R) products for Windows before version 23.40 may allow an unauthenticated user to potentially enable denial of service via adjacent access. Scope: local bookworm: open bullseye: open forky: resolved (fixed in 20240610-1) sid: resolved (fixed in 20240610-1) trixie: resolved (fixed in 20240610-1
debian
CVE-2021-44545P4MEDIUMCVSS 6.5fixed in firmware-nonfree 20220913-1 (bookworm)2021
CVE-2021-44545 [MEDIUM] CVE-2021-44545: firmware-nonfree - Improper input validation for some Intel(R) PROSet/Wireless WiFi and Killer(TM) ... Improper input validation for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi products may allow an unauthenticated user to potentially enable denial of service via adjacent access. Scope: local bookworm: resolved (fixed in 20220913-1) bullseye: open forky: resolved (fixed in 20220913-1) sid: resolved (fixed in 20220913-1) trixie: resolved (fixed i
debian
CVE-2020-24588P4LOWCVSS 3.5fixed in firmware-nonfree 20210818-1 (bookworm)2020
CVE-2020-24588 [LOW] CVE-2020-24588: firmware-nonfree - The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) ... The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an adversary can abuse this to inject arbitrary networ
debian
CVE-2024-23198P4MEDIUMCVSS 6.8fixed in firmware-nonfree 20240610-1 (forky)2024
CVE-2024-23198 [MEDIUM] CVE-2024-23198: firmware-nonfree - Improper input validation in firmware for some Intel(R) PROSet/Wireless Software... Improper input validation in firmware for some Intel(R) PROSet/Wireless Software and Intel(R) Killer(TM) Wi-Fi products before version 23.40 may allow an unauthenticated user to enable denial of service via adjacent access. Scope: local bookworm: open bullseye: open forky: resolved (fixed in 20240610-1) sid: resolved (fixed in 20240610-1) trixie: resolved
debian
CVE-2025-32735P4LOWCVSS 6.8fixed in firmware-nonfree 20251011-1 (forky)2025
CVE-2025-32735 [MEDIUM] CVE-2025-32735: firmware-nonfree - Improper conditions check in some firmware for some Intel(R) NPU Drivers within ... Improper conditions check in some firmware for some Intel(R) NPU Drivers within Ring 1: Device Drivers may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are not present with
debian
CVE-2021-23168P4MEDIUMCVSS 6.5fixed in firmware-nonfree 20220913-1 (bookworm)2021
CVE-2021-23168 [MEDIUM] CVE-2021-23168: firmware-nonfree - Out of bounds read for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi pr... Out of bounds read for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi products may allow an unauthenticated user to potentially enable denial of service via adjacent access. Scope: local bookworm: resolved (fixed in 20220913-1) bullseye: open forky: resolved (fixed in 20220913-1) sid: resolved (fixed in 20220913-1) trixie: resolved (fixed in 20220
debian
CVE-2025-26405P4LOWCVSS 5.1fixed in firmware-nonfree 20250410-1 (forky)2025
CVE-2025-26405 [MEDIUM] CVE-2025-26405: firmware-nonfree - Improper control of dynamically-managed code resources for some Intel(R) NPU Dri... Improper control of dynamically-managed code resources for some Intel(R) NPU Drivers within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are n
debian
CVE-2024-28049P4MEDIUMCVSS 6.8fixed in firmware-nonfree 20240610-1 (forky)2024
CVE-2024-28049 [MEDIUM] CVE-2024-28049: firmware-nonfree - Improper input validation in firmware for some Intel(R) PROSet/Wireless Software... Improper input validation in firmware for some Intel(R) PROSet/Wireless Software and Intel(R) Killer(TM) Wi-Fi wireless products before version 23.40 may allow an unauthenticated user to enable denial of service via adjacent access. Scope: local bookworm: open bullseye: open forky: resolved (fixed in 20240610-1) sid: resolved (fixed in 20240610-1) trixie:
debian
CVE-2020-12363P4MEDIUMCVSS 5.5fixed in firmware-nonfree 20210208-1 (bookworm)2020
CVE-2020-12363 [MEDIUM] CVE-2020-12363: firmware-nonfree - Improper input validation in some Intel(R) Graphics Drivers for Windows* before ... Improper input validation in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable a denial of service via local access. Scope: local bookworm: resolved (fixed in 20210208-1) bullseye: resolved (fixed in 20210208-1) forky: resolved (fixed in 20210208-
debian
CVE-2020-12364P4MEDIUMCVSS 5.5fixed in firmware-nonfree 20210208-1 (bookworm)2020
CVE-2020-12364 [MEDIUM] CVE-2020-12364: firmware-nonfree - Null pointer reference in some Intel(R) Graphics Drivers for Windows* before ver... Null pointer reference in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and before version Linux kernel version 5.5 may allow a privileged user to potentially enable a denial of service via local access. Scope: local bookworm: resolved (fixed in 20210208-1) bullseye: resolved (fixed in 20210208-1) forky: resolved (fixed in 2021
debian
CVE-2023-35061P4LOWCVSS 2.3fixed in firmware-nonfree 20240610-1 (forky)2023
CVE-2023-35061 [LOW] CVE-2023-35061: firmware-nonfree - Improper initialization for the Intel(R) PROSet/Wireless and Intel(R) Killer(TM)... Improper initialization for the Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable information disclosure via adjacent access. Scope: local bookworm: open bullseye: open forky: resolved (fixed in 20240610-1) sid: resolved (fixed in 20240610-1) trixie: resolved (fixed i
debian
CVE-2023-47210P4MEDIUMCVSS 4.7fixed in firmware-nonfree 20240610-1 (forky)2023
CVE-2023-47210 [MEDIUM] CVE-2023-47210: firmware-nonfree - Improper input validation for some Intel(R) PROSet/Wireless WiFi software for li... Improper input validation for some Intel(R) PROSet/Wireless WiFi software for linux before version 23.20 may allow an unauthenticated user to potentially enable denial of service via adjacent access. Scope: local bookworm: open bullseye: open forky: resolved (fixed in 20240610-1) sid: resolved (fixed in 20240610-1) trixie: resolved (fixed in 20240610-1)
debian
CVE-2023-38417P4MEDIUMCVSS 4.3fixed in firmware-nonfree 20240610-1 (forky)2023
CVE-2023-38417 [MEDIUM] CVE-2023-38417: firmware-nonfree - Improper input validation for some Intel(R) PROSet/Wireless WiFi software before... Improper input validation for some Intel(R) PROSet/Wireless WiFi software before version 23.20 may allow an unauthenticated user to potentially enable denial of service via adjacent access. Scope: local bookworm: open bullseye: open forky: resolved (fixed in 20240610-1) sid: resolved (fixed in 20240610-1) trixie: resolved (fixed in 20240610-1)
debian
CVE-2020-24587P4LOWCVSS 2.6fixed in firmware-nonfree 20210818-1 (bookworm)2020
CVE-2020-24587 [LOW] CVE-2020-24587: firmware-nonfree - The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) ... The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP encryption key is periodically renew
debian
CVE-2024-25563P4MEDIUMCVSS 4.6fixed in firmware-nonfree 20240610-1 (forky)2024
CVE-2024-25563 [MEDIUM] CVE-2024-25563: firmware-nonfree - Improper initialization in firmware for some Intel(R) PROSet/Wireless Software a... Improper initialization in firmware for some Intel(R) PROSet/Wireless Software and Intel(R) Killer(TM) Wi-Fi before version 23.40 may allow a privileged user to potentially enable information disclosure via local access. Scope: local bookworm: open bullseye: open forky: resolved (fixed in 20240610-1) sid: resolved (fixed in 20240610-1) trixie: resolved (f
debian
Debian Firmware-Nonfree vulnerabilities | cvebase