Debian Firmware-Nonfree vulnerabilities

37 known vulnerabilities affecting debian/firmware-nonfree.

Total CVEs: 37
CISA KEV: 0
Public exploits: 4
Exploited in wild: 0
Severity breakdown: CRITICAL 3, HIGH 7, MEDIUM 18, LOW 9

Vulnerabilities

Page 2 of 2
CVE-2021-23168 | MEDIUM | CVSS 6.5 | fixed in firmware-nonfree 20220913-1 (bookworm) | 2021
CVE-2021-23168 [MEDIUM] firmware-nonfree - Out of bounds read for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi products may allow an unauthenticated user to potentially enable denial of service via adjacent access.
Scope: local
bookworm: resolved (fixed in 20220913-1); bullseye: open; forky: resolved (fixed in 20220913-1); sid: resolved (fixed in 20220913-1); trixie: resolved (fixed in 20220
debian
CVE-2020-12362 | HIGH | CVSS 7.8 | fixed in firmware-nonfree 20210208-1 (bookworm) | 2020
CVE-2020-12362 [HIGH] firmware-nonfree - Integer overflow in the firmware for some Intel(R) Graphics Drivers for Windows * before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable an escalation of privilege via local access.
Scope: local
bookworm: resolved (fixed in 20210208-1); bullseye: resolved (fixed in 20210208-1); forky: resolved (fixe
debian
CVE-2020-12363 | MEDIUM | CVSS 5.5 | fixed in firmware-nonfree 20210208-1 (bookworm) | 2020
CVE-2020-12363 [MEDIUM] firmware-nonfree - Improper input validation in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable a denial of service via local access.
Scope: local
bookworm: resolved (fixed in 20210208-1); bullseye: resolved (fixed in 20210208-1); forky: resolved (fixed in 20210208-
debian
CVE-2020-12364 | MEDIUM | CVSS 5.5 | fixed in firmware-nonfree 20210208-1 (bookworm) | 2020
CVE-2020-12364 [MEDIUM] firmware-nonfree - Null pointer reference in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and before version Linux kernel version 5.5 may allow a privileged user to potentially enable a denial of service via local access.
Scope: local
bookworm: resolved (fixed in 20210208-1); bullseye: resolved (fixed in 20210208-1); forky: resolved (fixed in 2021
debian
CVE-2020-24586 | LOW | CVSS 3.5 | fixed in firmware-nonfree 20210818-1 (bookworm) | 2020
CVE-2020-24586 [LOW] firmware-nonfree - The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances, when another device sends fragmented frames encrypted using WEP, CCMP, or GCMP, this can be abused to inject arbitra
debian
CVE-2020-24588 | LOW | CVSS 3.5 | fixed in firmware-nonfree 20210818-1 (bookworm) | 2020
CVE-2020-24588 [LOW] firmware-nonfree - The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an adversary can abuse this to inject arbitrary networ
debian
CVE-2020-24587 | LOW | CVSS 2.6 | fixed in firmware-nonfree 20210818-1 (bookworm) | 2020
CVE-2020-24587 [LOW] firmware-nonfree - The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP encryption key is periodically renew
debian
CVE-2018-5383 | MEDIUM | CVSS 6.8 | fixed in firmware-nonfree 20190114-1 (bookworm) | 2018
CVE-2018-5383 [MEDIUM] firmware-nonfree - Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryptio
debian
CVE-2017-0561 | CRITICAL | CVSS 9.8 | PoC | fixed in firmware-nonfree 20180518-1 (bookworm) | 2017
CVE-2017-0561 [CRITICAL] firmware-nonfree - A remote code execution vulnerability in the Broadcom Wi-Fi firmware could enable a remote attacker to execute arbitrary code within the context of the Wi-Fi SoC. This issue is rated as Critical due to the possibility of remote code execution in the context of the Wi-Fi SoC. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34199105. Ref
debian
CVE-2017-9417 | CRITICAL | CVSS 9.8 | PoC | fixed in firmware-nonfree 20180518-1 (bookworm) | 2017
CVE-2017-9417 [CRITICAL] firmware-nonfree - Broadcom BCM43xx Wi-Fi chips allow remote attackers to execute arbitrary code via unspecified vectors, aka the "Broadpwn" issue.
Scope: local
bookworm: resolved (fixed in 20180518-1); bullseye: resolved (fixed in 20180518-1); forky: resolved (fixed in 20180518-1); sid: resolved (fixed in 20180518-1); trixie: resolved (fixed in 20180518-1)
debian
CVE-2017-13079 | MEDIUM | CVSS 5.3 | fixed in firmware-nonfree 20180825-1 (bookworm) | 2017
CVE-2017-13079 [MEDIUM] firmware-nonfree - Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the four-way handshake, allowing an attacker within radio range to spoof frames from access points to clients.
Scope: local
bookworm: resolved (fixed in 20180825-1); bullseye: resolved (fixed in 20180825-1); forky: resolve
debian
CVE-2017-13080 | MEDIUM | CVSS 5.3 | fixed in firmware-nonfree 20180825-1 (bookworm) | 2017
CVE-2017-13080 [MEDIUM] firmware-nonfree - Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients.
Scope: local
bookworm: resolved (fixed in 20180825-1); bullseye: resolved (fixed in 20180825-1); forky: resolved (fixed in 20180825-1); sid: resolve
debian
CVE-2017-13078 | MEDIUM | CVSS 5.3 | fixed in firmware-nonfree 20180825-1 (bookworm) | 2017
CVE-2017-13078 [MEDIUM] firmware-nonfree - Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the four-way handshake, allowing an attacker within radio range to replay frames from access points to clients.
Scope: local
bookworm: resolved (fixed in 20180825-1); bullseye: resolved (fixed in 20180825-1); forky: resolved (fixed in 20180825-1); sid: resolved
debian
CVE-2017-13077 | MEDIUM | CVSS 6.8 | fixed in firmware-nonfree 20180825-1 (bookworm) | 2017
CVE-2017-13077 [MEDIUM] firmware-nonfree - Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the four-way handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.
Scope: local
bookworm: resolved (fixed in 20180825-1); bullseye: resolved (fixed in 20180825-1); forky: resolved (fixed in 20180825-1); si
debian
CVE-2017-13081 | MEDIUM | CVSS 5.3 | fixed in firmware-nonfree 20180825-1 (bookworm) | 2017
CVE-2017-13081 [MEDIUM] firmware-nonfree - Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the group key handshake, allowing an attacker within radio range to spoof frames from access points to clients.
Scope: local
bookworm: resolved (fixed in 20180825-1); bullseye: resolved (fixed in 20180825-1); forky: resolv
debian
CVE-2016-0801 | CRITICAL | CVSS 9.8 | PoC | fixed in firmware-nonfree 20180518-1 (bookworm) | 2016
CVE-2016-0801 [CRITICAL] firmware-nonfree - The Broadcom Wi-Fi driver in the kernel in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted wireless control message packets, aka internal bug 25662029.
Scope: local
bookworm: resolved (fixed in 20180518-1); bullseye: r
debian
CVE-2012-2619 | LOW | CVSS 7.8 | PoC | 2012
CVE-2012-2619 [HIGH] firmware-nonfree - The Broadcom BCM4325 and BCM4329 Wi-Fi chips, as used in certain Acer, Apple, Asus, Ford, HTC, Kyocera, LG, Malata, Motorola, Nokia, Pantech, Samsung, and Sony products, allow remote attackers to cause a denial of service (out-of-bounds read and Wi-Fi outage) via an RSN 802.11i information element.
Scope: local
bookworm: resolved; bullseye: resolved; forky: res
debian