CVE-2021-0163

Vulnerability

An improper validation of consistency within input exists in the software for Intel(R) PROSet/Wireless Wi-Fi and Killer(TM) Wi-Fi on Windows 10 and 11. This flaw resides in the driver handling of wireless frames, where the software fails to verify the internal consistency of received data. The vulnerability affects specific versions of the driver as detailed in the Intel advisory [1]. An attacker within wireless range can exploit this by sending crafted input to the driver.

Exploitation

An unauthenticated attacker with adjacent network access (i.e., within Wi-Fi range) can trigger the vulnerability by sending a specially crafted wireless frame to the target system. No user interaction or prior authentication is required. The improper validation allows the attacker to manipulate driver state, leading to privilege escalation.

Impact

Successful exploitation enables an attacker to escalate privileges on the affected Windows system. This could result in arbitrary code execution at an elevated integrity level, potentially allowing full compromise of the device's confidentiality, integrity, and availability.

Mitigation

Intel has released updated driver versions to address this vulnerability. Users should apply the latest updates from Intel or their device manufacturer as specified in the advisory [1]. No workarounds are documented; updating to the fixed version is the recommended mitigation.