Multiple vulnerabilities in Intel Wireless Bluetooth and Killer Bluetooth
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 4 |
| CVE-ID | CVE-2021-33847 CVE-2021-26257 CVE-2021-26950 CVE-2021-23179 |
| CWE-ID | CWE-119 CWE-125 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Intel Wi-Fi 6 AX411 Hardware solutions / Firmware Intel Wi-Fi 6 AX211 Hardware solutions / Firmware Intel Wi-Fi 6 AX210 Hardware solutions / Firmware Intel Wi-Fi 6 AX201 Hardware solutions / Firmware Intel Wi-Fi 6 AX200 Hardware solutions / Firmware Intel Wireless-AC 9560 Hardware solutions / Firmware Intel Wireless-AC 9462 Hardware solutions / Firmware Intel Wireless-AC 9461 Hardware solutions / Firmware Intel Wireless-AC 9260 Hardware solutions / Firmware Intel Dual Band Wireless-AC 8265 Hardware solutions / Firmware Intel Dual Band Wireless-AC 8260 Hardware solutions / Firmware Intel Dual Band Wireless-AC 3168 Hardware solutions / Firmware Intel Wireless 7265 (Rev D) Family Hardware solutions / Firmware Intel Dual Band Wireless-AC 3165 Hardware solutions / Firmware Killer Wi-Fi 6E AX1690 Hardware solutions / Firmware Killer Wi-Fi 6E AX1675 Hardware solutions / Firmware Killer Wi-Fi 6 AX1650 Hardware solutions / Firmware Killer Wireless-AC 1550 Hardware solutions / Firmware |
| Vendor |
Security Bulletin
This security bulletin contains information about 4 vulnerabilities.
1) Buffer overflow
EUVDB-ID: #VU66421
Risk: Low
CVSSv3.1: 6.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-33847
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error in firmware. A local user can trigger memory corruption and gain elevated privileges on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIntel Wi-Fi 6 AX411: before 22.120
Intel Wi-Fi 6 AX211: before 22.120
Intel Wi-Fi 6 AX210: before 22.120
Intel Wi-Fi 6 AX201: before 22.120
Intel Wi-Fi 6 AX200: before 22.120
Intel Wireless-AC 9560: before 22.120
Intel Wireless-AC 9462: before 22.120
Intel Wireless-AC 9461: before 22.120
Intel Wireless-AC 9260: before 22.120
Intel Dual Band Wireless-AC 8265: before 22.120
Intel Dual Band Wireless-AC 8260: before 22.120
Intel Dual Band Wireless-AC 3168: before 22.120
Intel Wireless 7265 (Rev D) Family: before 22.120
Intel Dual Band Wireless-AC 3165: before 22.120
Killer Wi-Fi 6E AX1690: before 22.120
Killer Wi-Fi 6E AX1675: before 22.120
Killer Wi-Fi 6 AX1650: before 22.120
Killer Wireless-AC 1550: before 22.120
External linkshttp://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00628.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Buffer overflow
EUVDB-ID: #VU66423
Risk: Low
CVSSv3.1: 4.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-26257
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in firmware. A local user can trigger memory corruption and cause a denial of service condition on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIntel Wi-Fi 6 AX411: before 22.120
Intel Wi-Fi 6 AX211: before 22.120
Intel Wi-Fi 6 AX210: before 22.120
Intel Wi-Fi 6 AX201: before 22.120
Intel Wi-Fi 6 AX200: before 22.120
Intel Wireless-AC 9560: before 22.120
Intel Wireless-AC 9462: before 22.120
Intel Wireless-AC 9461: before 22.120
Intel Wireless-AC 9260: before 22.120
Intel Dual Band Wireless-AC 8265: before 22.120
Intel Dual Band Wireless-AC 8260: before 22.120
Intel Dual Band Wireless-AC 3168: before 22.120
Intel Wireless 7265 (Rev D) Family: before 22.120
Intel Dual Band Wireless-AC 3165: before 22.120
Killer Wi-Fi 6E AX1690: before 22.120
Killer Wi-Fi 6E AX1675: before 22.120
Killer Wi-Fi 6 AX1650: before 22.120
Killer Wireless-AC 1550: before 22.120
External linkshttp://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00628.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Out-of-bounds read
EUVDB-ID: #VU66424
Risk: Low
CVSSv3.1: 4.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-26950
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition in firmware. A local user can trigger out-of-bounds read error and cause a denial of service condition on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIntel Wi-Fi 6 AX411: before 22.120
Intel Wi-Fi 6 AX211: before 22.120
Intel Wi-Fi 6 AX210: before 22.120
Intel Wi-Fi 6 AX201: before 22.120
Intel Wi-Fi 6 AX200: before 22.120
Intel Wireless-AC 9560: before 22.120
Intel Wireless-AC 9462: before 22.120
Intel Wireless-AC 9461: before 22.120
Intel Wireless-AC 9260: before 22.120
Intel Dual Band Wireless-AC 8265: before 22.120
Intel Dual Band Wireless-AC 8260: before 22.120
Intel Dual Band Wireless-AC 3168: before 22.120
Intel Wireless 7265 (Rev D) Family: before 22.120
Intel Dual Band Wireless-AC 3165: before 22.120
Killer Wi-Fi 6E AX1690: before 22.120
Killer Wi-Fi 6E AX1675: before 22.120
Killer Wi-Fi 6 AX1650: before 22.120
Killer Wireless-AC 1550: before 22.120
External linkshttp://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00628.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Out-of-bounds read
EUVDB-ID: #VU66425
Risk: Low
CVSSv3.1: 2 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-23179
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local userto gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in firmware. A local administrator can trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIntel Wi-Fi 6 AX411: before 22.120
Intel Wi-Fi 6 AX211: before 22.120
Intel Wi-Fi 6 AX210: before 22.120
Intel Wi-Fi 6 AX201: before 22.120
Intel Wi-Fi 6 AX200: before 22.120
Intel Wireless-AC 9560: before 22.120
Intel Wireless-AC 9462: before 22.120
Intel Wireless-AC 9461: before 22.120
Intel Wireless-AC 9260: before 22.120
Intel Dual Band Wireless-AC 8265: before 22.120
Intel Dual Band Wireless-AC 8260: before 22.120
Intel Dual Band Wireless-AC 3168: before 22.120
Intel Wireless 7265 (Rev D) Family: before 22.120
Intel Dual Band Wireless-AC 3165: before 22.120
Killer Wi-Fi 6E AX1690: before 22.120
Killer Wi-Fi 6E AX1675: before 22.120
Killer Wi-Fi 6 AX1650: before 22.120
Killer Wireless-AC 1550: before 22.120
External linkshttp://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00628.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
