CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
EPSS
Percentile
100.0%
CentOS Errata and Security Advisory CESA-2018:0014
The linux-firmware packages contain all of the firmware files that are required by various devices to operate.
Security Fix(es):
Note: This is the microcode counterpart of the CVE-2017-5715 kernel mitigation.
Red Hat would like to thank Google Project Zero for reporting this issue.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2018-January/084860.html
Affected packages:
iwl100-firmware
iwl1000-firmware
iwl105-firmware
iwl135-firmware
iwl2000-firmware
iwl2030-firmware
iwl3160-firmware
iwl3945-firmware
iwl4965-firmware
iwl5000-firmware
iwl5150-firmware
iwl6000-firmware
iwl6000g2a-firmware
iwl6000g2b-firmware
iwl6050-firmware
iwl7260-firmware
iwl7265-firmware
linux-firmware
Upstream details at:
https://access.redhat.com/errata/RHSA-2018:0014
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
CentOS | 7 | noarch | iwl1000-firmware | < 39.31.5.1-57.el7 | iwl1000-firmware-39.31.5.1-57.el7.noarch.rpm |
CentOS | 7 | noarch | iwl100-firmware | < 39.31.5.1-57.el7 | iwl100-firmware-39.31.5.1-57.el7.noarch.rpm |
CentOS | 7 | noarch | iwl105-firmware | < 18.168.6.1-57.el7 | iwl105-firmware-18.168.6.1-57.el7.noarch.rpm |
CentOS | 7 | noarch | iwl135-firmware | < 18.168.6.1-57.el7 | iwl135-firmware-18.168.6.1-57.el7.noarch.rpm |
CentOS | 7 | noarch | iwl2000-firmware | < 18.168.6.1-57.el7 | iwl2000-firmware-18.168.6.1-57.el7.noarch.rpm |
CentOS | 7 | noarch | iwl2030-firmware | < 18.168.6.1-57.el7 | iwl2030-firmware-18.168.6.1-57.el7.noarch.rpm |
CentOS | 7 | noarch | iwl3160-firmware | < 22.0.7.0-57.el7 | iwl3160-firmware-22.0.7.0-57.el7.noarch.rpm |
CentOS | 7 | noarch | iwl3945-firmware | < 15.32.2.9-57.el7 | iwl3945-firmware-15.32.2.9-57.el7.noarch.rpm |
CentOS | 7 | noarch | iwl4965-firmware | < 228.61.2.24-57.el7 | iwl4965-firmware-228.61.2.24-57.el7.noarch.rpm |
CentOS | 7 | noarch | iwl5000-firmware | < 8.83.5.1_1-57.el7 | iwl5000-firmware-8.83.5.1_1-57.el7.noarch.rpm |
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
EPSS
Percentile
100.0%