B426 Firmware Security Vulnerabilities

CVE-2023-52684

In the Linux kernel, the following vulnerability has been resolved: firmware: qcom: qseecom: fix memory leaks in error paths Fix instances of returning error codes directly instead of jumping to the relevant labels where memory allocated for the SCM calls would be freed. Mitigation...

CVE-2024-35800

In the Linux kernel, the following vulnerability has been resolved: efi: fix panic in kdump kernel Check if get_next_variable() is actually valid pointer before calling it. In kdump kernel this method is set to NULL that causes panic during the kexec-ed kernel boot. Tested with QEMU and OVMF...

CVE-2024-35803

In the Linux kernel, the following vulnerability has been resolved: x86/efistub: Call mixed mode boot services on the firmware's stack Normally, the EFI stub calls into the EFI boot services using the stack that was live when the stub was entered. According to the UEFI spec, this stack needs to be....

CVE-2024-27434

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: don't set the MFP flag for the GTK The firmware doesn't need the MFP flag for the GTK, it can even make the firmware crash. in case the AP is configured with: group cipher TKIP and MFPC. We would send the GTK...

CVE-2024-27413

In the Linux kernel, the following vulnerability has been resolved: efi/capsule-loader: fix incorrect allocation size gcc-14 notices that the allocation with sizeof(void) on 32-bit architectures is not enough for a 64-bit phys_addr_t: drivers/firmware/efi/capsule-loader.c: In function...

CVE-2023-52684

In the Linux kernel, the following vulnerability has been resolved: firmware: qcom: qseecom: fix memory leaks in error paths Fix instances of returning error codes directly instead of jumping to the relevant labels where memory allocated for the SCM calls would be...

CVE-2023-52684

In the Linux kernel, the following vulnerability has been resolved: firmware: qcom: qseecom: fix memory leaks in error paths Fix instances of returning error codes directly instead of jumping to the relevant labels where memory allocated for the SCM calls would be...

CVE-2023-52684 firmware: qcom: qseecom: fix memory leaks in error paths

In the Linux kernel, the following vulnerability has been resolved: firmware: qcom: qseecom: fix memory leaks in error paths Fix instances of returning error codes directly instead of jumping to the relevant labels where memory allocated for the SCM calls would be...

CVE-2024-35803

In the Linux kernel, the following vulnerability has been resolved: x86/efistub: Call mixed mode boot services on the firmware's stack Normally, the EFI stub calls into the EFI boot services using the stack that was live when the stub was entered. According to the UEFI spec, this stack needs to be....

CVE-2024-35803

In the Linux kernel, the following vulnerability has been resolved: x86/efistub: Call mixed mode boot services on the firmware's stack Normally, the EFI stub calls into the EFI boot services using the stack that was live when the stub was entered. According to the UEFI spec, this stack needs to...

CVE-2024-35800

In the Linux kernel, the following vulnerability has been resolved: efi: fix panic in kdump kernel Check if get_next_variable() is actually valid pointer before calling it. In kdump kernel this method is set to NULL that causes panic during the kexec-ed kernel boot. Tested with QEMU and OVMF...

CVE-2024-35800

In the Linux kernel, the following vulnerability has been resolved: efi: fix panic in kdump kernel Check if get_next_variable() is actually valid pointer before calling it. In kdump kernel this method is set to NULL that causes panic during the kexec-ed kernel boot. Tested with QEMU and OVMF...

CVE-2024-35803 x86/efistub: Call mixed mode boot services on the firmware's stack

In the Linux kernel, the following vulnerability has been resolved: x86/efistub: Call mixed mode boot services on the firmware's stack Normally, the EFI stub calls into the EFI boot services using the stack that was live when the stub was entered. According to the UEFI spec, this stack needs to be....

CVE-2024-35800 efi: fix panic in kdump kernel

In the Linux kernel, the following vulnerability has been resolved: efi: fix panic in kdump kernel Check if get_next_variable() is actually valid pointer before calling it. In kdump kernel this method is set to NULL that causes panic during the kexec-ed kernel boot. Tested with QEMU and OVMF...

CVE-2024-27434

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: don't set the MFP flag for the GTK The firmware doesn't need the MFP flag for the GTK, it can even make the firmware crash. in case the AP is configured with: group cipher TKIP and MFPC. We would send the GTK...

CVE-2024-27434

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: don't set the MFP flag for the GTK The firmware doesn't need the MFP flag for the GTK, it can even make the firmware crash. in case the AP is configured with: group cipher TKIP and MFPC. We would send the GTK...

CVE-2024-27413

In the Linux kernel, the following vulnerability has been resolved: efi/capsule-loader: fix incorrect allocation size gcc-14 notices that the allocation with sizeof(void) on 32-bit architectures is not enough for a 64-bit phys_addr_t: drivers/firmware/efi/capsule-loader.c: In function...

CVE-2024-27413

In the Linux kernel, the following vulnerability has been resolved: efi/capsule-loader: fix incorrect allocation size gcc-14 notices that the allocation with sizeof(void) on 32-bit architectures is not enough for a 64-bit phys_addr_t: drivers/firmware/efi/capsule-loader.c: In function...

CVE-2024-27434 wifi: iwlwifi: mvm: don't set the MFP flag for the GTK

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: don't set the MFP flag for the GTK The firmware doesn't need the MFP flag for the GTK, it can even make the firmware crash. in case the AP is configured with: group cipher TKIP and MFPC. We would send the GTK...

CVE-2024-27413 efi/capsule-loader: fix incorrect allocation size

In the Linux kernel, the following vulnerability has been resolved: efi/capsule-loader: fix incorrect allocation size gcc-14 notices that the allocation with sizeof(void) on 32-bit architectures is not enough for a 64-bit phys_addr_t: drivers/firmware/efi/capsule-loader.c: In function...

Impacts on ICS from the updated Cyber Assessment Framework (CAF)

NCSC has released an update of the Cyber Assessment Framework (CAF). The CAF represents where the rubber hits the road for the UK’s NIS regulations. TL;DR The NCSC CAF has been updated to version 3.2. There has been a material change to three aspects of the CAF. The changes are broadly sensible...

Huawei EulerOS: Security Advisory for linux-firmware (EulerOS-SA-2024-1692)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for grub2 (EulerOS-SA-2024-1683)

The remote host is missing an update for the Huawei...

CVE-2022-37341

Improper access control in some Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware may allow a privileged user to potentially enable escalation of privilege via local...

CVE-2024-22390

Improper input validation in firmware for some Intel(R) FPGA products before version 2.9.1 may allow denial of...

CVE-2024-23980

Improper buffer restrictions in PlatformPfrDxe driver in UEFI firmware for some Intel(R) Server D50FCP Family products may allow a privileged user to enable escalation of privilege via local...

CVE-2024-24981

Improper input validation in PfrSmiUpdateFw driver in UEFI firmware for some Intel(R) Server M50FCP Family products may allow a privileged user to enable escalation of privilege via local...

CVE-2024-23487

Improper input validation in UserAuthenticationSmm driver in UEFI firmware for some Intel(R) Server D50DNP Family products may allow a privileged user to enable escalation of privilege via local...

CVE-2024-22382

Improper input validation in PprRequestLog module in UEFI firmware for some Intel(R) Server D50DNP Family products may allow a privileged user to enable escalation of privilege via local...

CVE-2024-22095

Improper input validation in PlatformVariableInitDxe driver in UEFI firmware for some Intel(R) Server D50DNP Family products may allow a privileged user to enable escalation of privilege via local...

CVE-2023-49614

Out of bounds write in firmware for some Intel(R) FPGA products before version 2.9.0 may allow escalation of privilege and information...

CVE-2023-41092

Unchecked return value in SDM firmware for Intel(R) Stratix 10 and Intel(R) Agilex 7 FPGAs before version 23.3 may allow an authenticated user to potentially enable denial of service via adjacent...

CVE-2023-28402

Improper input validation in some Intel(R) BIOS Guard firmware may allow a privileged user to potentially enable escalation of privilege via local...

CVE-2023-28383

Improper conditions check in some Intel(R) BIOS PPAM firmware may allow a privileged user to potentially enable escalation of privilege via local...

CVE-2023-27504

Improper conditions check in some Intel(R) BIOS Guard firmware may allow a privileged user to potentially enable escalation of privilege via local...

CVE-2023-22662

Improper input validation of EpsdSrMgmtConfig in UEFI firmware for some Intel(R) Server Board S2600BP products may allow a privileged user to potentially enable denial of service via local...

CVE-2022-37341

Improper access control in some Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware may allow a privileged user to potentially enable escalation of privilege via local...

CVE-2021-33146

Improper input validation in some Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware may allow an unauthenticated user to potentially enable information disclosure via network...

CVE-2021-33142

Improper input validation in some Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware may allow a privileged user to potentially enable denial of service via local...

CVE-2021-33145

Uncaught exception in some Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware may allow a privileged user to potentially enable escalation of privilege via local...

CVE-2021-33158

Improper neutralization in some Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware may allow a privileged user to potentially enable escalation of privilege via local...

CVE-2022-37341

Improper access control in some Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware may allow a privileged user to potentially enable escalation of privilege via local...

CVE-2021-33157

Insufficient control flow management in some Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware may allow a privileged user to potentially enable escalation of privilege via local...

CVE-2021-33161

Improper input validation in some Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware may allow a privileged user to potentially enable escalation of privilege via local...

CVE-2021-33162

Improper access control in some Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware may allow an authenticated user to potentially enable escalation of privilege via local...

CVE-2021-33141

Improper input validation in some Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware may allow an unauthenticated user to potentially enable denial of service via network...

CVE-2023-27504

Improper conditions check in some Intel(R) BIOS Guard firmware may allow a privileged user to potentially enable escalation of privilege via local...

CVE-2023-28383

Improper conditions check in some Intel(R) BIOS PPAM firmware may allow a privileged user to potentially enable escalation of privilege via local...

CVE-2023-28402

Improper input validation in some Intel(R) BIOS Guard firmware may allow a privileged user to potentially enable escalation of privilege via local...

CVE-2023-41092

Unchecked return value in SDM firmware for Intel(R) Stratix 10 and Intel(R) Agilex 7 FPGAs before version 23.3 may allow an authenticated user to potentially enable denial of service via adjacent...