ALINUX2-SA-2024:0024: linux-firmware security update (Important)

Package updates are available for Alibaba Cloud Linux 2.1903 that fix the following vulnerabilities:

CVE-2022-27635:
Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow a privileged user to potentially enable escalation of privilege via local access.

CVE-2022-36351:
Improper input validation in some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow an unauthenticated user to potentially enable denial of service via adjacent access.

CVE-2022-38076:
Improper input validation in some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow an authenticated user to potentially enable escalation of privilege via local access.

CVE-2022-40964:
Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow a privileged user to potentially enable escalation of privilege via local access.

CVE-2022-46329:
Protection mechanism failure for some Intel(R) PROSet/Wireless WiFi software may allow a privileged user to potentially enable escalation of privilege via local access.

References

CVE-2022-27635SCORE:8.2/CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE-2022-36351SCORE:4.3/CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVE-2022-38076SCORE:3.8/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N
CVE-2022-40964SCORE:7.9/CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H
CVE-2022-46329SCORE:8.2/CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Updated Packages

noarch
- iwl100-firmware-39.31.5.1-83.1.al7.noarch.rpm → (download)
- iwl1000-firmware-39.31.5.1-83.1.al7.noarch.rpm → (download)
- iwl105-firmware-18.168.6.1-83.1.al7.noarch.rpm → (download)
- iwl135-firmware-18.168.6.1-83.1.al7.noarch.rpm → (download)
- iwl2000-firmware-18.168.6.1-83.1.al7.noarch.rpm → (download)
- iwl2030-firmware-18.168.6.1-83.1.al7.noarch.rpm → (download)
- iwl3160-firmware-25.30.13.0-83.1.al7.noarch.rpm → (download)
- iwl3945-firmware-15.32.2.9-83.1.al7.noarch.rpm → (download)
- iwl4965-firmware-228.61.2.24-83.1.al7.noarch.rpm → (download)
- iwl5000-firmware-8.83.5.1_1-83.1.al7.noarch.rpm → (download)
- iwl5150-firmware-8.24.2.2-83.1.al7.noarch.rpm → (download)
- iwl6000-firmware-9.221.4.1-83.1.al7.noarch.rpm → (download)
- iwl6000g2a-firmware-18.168.6.1-83.1.al7.noarch.rpm → (download)
- iwl6000g2b-firmware-18.168.6.1-83.1.al7.noarch.rpm → (download)
- iwl6050-firmware-41.28.5.1-83.1.al7.noarch.rpm → (download)
- iwl7260-firmware-25.30.13.0-83.1.al7.noarch.rpm → (download)
- linux-firmware-20200421-83.git78c0348.1.al7.noarch.rpm → (download)
src
- linux-firmware-20200421-83.git78c0348.1.al7.src.rpm → (download)

Alibaba Cloud Linux 2.1903 Security Advisory: ALINUX2-SA-2024:0024

Summary

Severity

Description

References

Updated Packages