Potential security vulnerabilities in some Intel® PROSet/Wireless Wi-Fi, Intel® Active Management Technology (Intel® AMT) Wireless and Killer™ Wi-Fi may allow escalation of privilege, denial of service or information disclosure.** **Intel is releasing firmware and software updates to mitigate these potential vulnerabilities.
CVEID: CVE-2021-0162
Description: Improper input validation in software for Intel® PROSet/Wireless Wi-Fi and Killer™ Wi-Fi in Windows 10 & 11 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.
CVSS Base Score: 7.1 High
CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
CVEID: CVE-2021-0163
Description: Improper Validation of Consistency within input in software for Intel® PROSet/Wireless Wi-Fi and Killer™ Wi-Fi in Windows 10 & 11 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.
CVSS Base Score: 7.1 High
CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
CVEID: CVE-2021-0161
Description: Improper input validation in firmware for Intel® PROSet/Wireless Wi-Fi in multiple operating systems and Killer™ Wi-Fi in Windows 10 & 11 may allow a privileged user to potentially enable escalation of privilege via local access.
CVSS Base Score: 6.7 Medium
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVEID: CVE-2021-0164
Description: Improper access control in firmware for Intel® PROSet/Wireless Wi-Fi in multiple operating systems and Killer™ Wi-Fi in Windows 10 & 11 may allow an unauthenticated user to potentially enable escalation of privilege via local access.
CVSS Base Score: 6.5 Medium
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
CVEID: CVE-2021-0165
Description: Improper input validation in firmware for Intel® PROSet/Wireless Wi-Fi in multiple operating systems and Killer™ Wi-Fi in Windows 10 & 11 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
CVSS Base Score: 6.5 Medium
CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVEID: CVE-2021-0066
Description: Improper input validation in firmware for Intel® PROSet/Wireless Wi-Fi in multiple operating systems and Killer™ Wi-Fi in Windows 10 & 11 may allow an unauthenticated user to potentially enable escalation of privilege via local access.
CVSS Base Score: 6.2 Medium
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CVEID: CVE-2021-0166
Description: Exposure of Sensitive Information to an Unauthorized Actor in firmware for some Intel® PROSet/Wireless Wi-Fi in multiple operating systems and some Killer™ Wi-Fi in Windows 10 & 11 may allow a privileged user to potentially enable escalation of privilege via local access.
CVSS Base Score: 6.1 Medium
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:H/A:N
CVEID: CVE-2021-0167
Description: Improper access control in software for Intel® PROSet/Wireless Wi-Fi and Killer™ Wi-Fi in Windows 10 & 11 may allow a privileged user to potentially enable escalation of privilege via local access.
CVSS Base Score: 6.0 Medium
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
CVEID: CVE-2021-0169
Description: Uncontrolled Search Path Element in software for Intel® PROSet/Wireless Wi-Fi in Windows 10 & 11 may allow a privileged user to potentially enable escalation of privilege via local access.
CVSS Base Score: 6.0 Medium
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
CVEID: CVE-2021-0168
Description: Improper input validation in firmware for some Intel® PROSet/Wireless Wi-Fi in multiple operating systems and some Killer™ Wi-Fi in Windows 10 & 11 may allow a privileged user to potentially enable escalation of privilege via local access.
CVSS Base Score: 5.7 Medium
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H
CVEID: CVE-2021-0170
Description: Exposure of Sensitive Information to an Unauthorized Actor in firmware for some Intel® PROSet/Wireless Wi-Fi in multiple operating systems and some Killer™ Wi-Fi in Windows 10 & 11 may allow an authenticated user to potentially enable information disclosure via local access.
CVSS Base Score: 5.5 Medium
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVEID: CVE-2021-0171
Description: Improper access control in software for Intel® PROSet/Wireless Wi-Fi and Killer™ Wi-Fi in Windows 10 & 11 may allow an authenticated user to potentially enable information disclosure via local access.
CVSS Base Score: 5.5 Medium
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVEID: CVE-2021-0172
Description: Improper input validation in firmware for some Intel® PROSet/Wireless Wi-Fi in multiple operating systems and some Killer™ Wi-Fi in Windows 10 & 11 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
CVSS Base Score: 5.3 Medium
CVSS Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVEID: CVE-2021-0173
Description: Improper Validation of Consistency within input in firmware for some Intel® PROSet/Wireless Wi-Fi in multiple operating systems and some Killer™ Wi-Fi in Windows 10 & 11 may allow a unauthenticated user to potentially enable denial of service via adjacent access.
CVSS Base Score: 5.3 Medium
CVSS Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVEID: CVE-2021-0174
Description: Improper Use of Validation Framework in firmware for some Intel® PROSet/Wireless Wi-Fi in multiple operating systems and some Killer™ Wi-Fi in Windows 10 & 11 may allow a unauthenticated user to potentially enable denial of service via adjacent access.
CVSS Base Score: 5.3 Medium
CVSS Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVEID: CVE-2021-0175
Description: Improper Validation of Specified Index, Position, or Offset in Input in firmware for some Intel® PROSet/Wireless Wi-Fi in multiple operating systems and some Killer™ Wi-Fi in Windows 10 & 11 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
CVSS Base Score: 5.3 Medium
CVSS Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVEID: CVE-2021-0076
Description: Improper Validation of Specified Index, Position, or Offset in Input in firmware for some Intel® PROSet/Wireless Wi-Fi in multiple operating systems and some Killer™ Wi-Fi in Windows 10 & 11 may allow a privileged user to potentially enable denial of service via local access.
CVSS Base Score: 5.1 Medium
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H
CVEID: CVE-2021-0176
Description: Improper input validation in firmware for some Intel® PROSet/Wireless Wi-Fi in multiple operating systems and some Killer™ Wi-Fi in Windows 10 & 11 may allow a privileged user to potentially enable denial of service via local access.
CVSS Base Score: 5.1 Medium
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H
CVEID: CVE-2021-0177
Description: Improper Validation of Consistency within input in software for Intel® PROSet/Wireless Wi-Fi and Killer™ Wi-Fi in Windows 10 & 11 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
CVSS Base Score: 4.7 Medium
CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
CVEID: CVE-2021-0178
Description: Improper input validation in software for Intel® PROSet/Wireless Wi-Fi and Killer™ Wi-Fi in Windows 10 & 11 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
CVSS Base Score: 4.7 Medium
CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
CVEID: CVE-2021-0179
Description: Improper Use of Validation Framework in software for Intel® PROSet/Wireless Wi-Fi and Killer™ Wi-Fi in Windows 10 & 11 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
CVSS Base Score: 4.7 Medium
CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
CVEID: CVE-2021-0183
Description: Improper Validation of Specified Index, Position, or Offset in Input in software for some Intel® PROSet/Wireless Wi-Fi in multiple operating systems and some Killer™ Wi-Fi in Windows 10 & 11 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
CVSS Base Score: 4.7 Medium
CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVEID: CVE-2021-0072
Description: Improper input validation in firmware for some Intel® PROSet/Wireless Wi-Fi in multiple operating systems and some Killer™ Wi-Fi in Windows 10 & 11 may allow a privileged user to potentially enable information disclosure via local access.
CVSS Base Score: 4.1 Medium
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
Intel® PROSet/Wireless Wi-Fi products:
Intel® AMT Wireless products:
Killer™ Wi-Fi products:
Windows:
Intel recommends updating the Intel® PROSet/Wireless Wi-Fi software to version 22.60 or later.
Updates are available for download at these locations:
Intel® PROSet/Wireless Wi-Fi version 22.60 or later:
Intel recommends updating the Killer™ Wi-Fi software to version 3.0 (Production version) or later.
Updates for Killer™ products are available for download at this location:
<https://www.intel.com/content/www/us/en/download/19779/intel-killer-performance-suite.html>
UEFI:
Intel recommends updating the Wi-Fi drivers in UEFI to version 1.2.6 or later.
Please contact your OEM support group to obtain the correct driver version.
Chrome OS:
Intel® PROSet/Wireless Wi-Fi drivers to mitigate these vulnerabilities are up streamed to Chromium.
For any Google Chrome OS solution and schedule, please contact Google directly.
Linux OS:
Intel® PROSet/Wireless Wi-Fi drivers to mitigate these vulnerabilities are up streamed to Linux.
Consult the regular Open Source channels to obtain this update.
Recommendation for Intel® AMT Wireless products:
Intel recommends updating Intel® AMT Wireless products to the following versions.
Chipset/SoC
|
Mitigated Intel® AMT Version or higher
|
Device
—|—|—
11th Generation Intel® Core Processor****
|
15.0.35
|
Intel® Wi-Fi 6 AX210
Intel® Wi-Fi 6 AX201
Intel® Wi-Fi 6 AX200
10th Generation Intel® Core Processor****
|
14.1.60
|
Intel® Wi-Fi 6 AX201
Intel® Wi-Fi 6 AX200
9th Generation Intel® Core Processor****
|
12.0.85
|
Intel® Wireless-AC 9260
Intel® Wireless-AC 9560
Intel® Wi-Fi 6 AX200
8th Generation Intel® Core Processor****
|
12.0.85
|
Intel® Wireless-AC 9260
Intel® Wireless-AC 9560
Intel® Wi-Fi 6 AX200
7th Generation Intel® Core Processor
6th Generation Intel® Core Processor****
|
11.8.90
|
Intel® Dual Band Wireless-AC 8265
Intel® Dual Band Wireless-AC 8260
Intel recommends that users of Intel® vPRO® CSME WiFi products update to the latest version provided by the system manufacturer that addresses these issues.
These issues were found internally by Intel employees. Intel would like to thank Yaakov Cohen and Hareesh Khattri.
Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.