CVE-2021-0178

Vulnerability

Improper input validation in the software for Intel(R) PROSet/Wireless Wi-Fi and Killer(TM) Wi-Fi in Windows 10 and 11 may allow an unauthenticated user to potentially enable denial of service via adjacent access. The affected software versions include Intel PROSet/Wireless Wi-Fi software version 22.40 and earlier, and Killer Wi-Fi software version 2.2 and earlier, as described in the Intel security advisory [1].

Exploitation

An unauthenticated attacker with adjacent network access (i.e., within wireless range) can exploit the vulnerability without any user interaction or special privileges. The attack does not require authentication, as the flaw resides in input handling of the driver software, which can be triggered by sending specially crafted packets over the air from a nearby device [1].

Impact

Successful exploitation leads to a denial of service (DoS) condition, causing the affected wireless device to become unresponsive or crash. This disrupts network connectivity for the user but does not allow data disclosure, privilege escalation, or code execution [1].

Mitigation

Intel has released updates to address the vulnerability. Users should update to Intel PROSet/Wireless Wi-Fi software version 22.50 or later, and Killer Wi-Fi software version 3.0 or later, as specified in INTEL-SA-00539 [1]. No workarounds are provided; updating the drivers is the recommended mitigation.