CVE-2021-0179

Vulnerability

CVE-2021-0179 is an improper use of validation framework vulnerability in the software for Intel(R) PROSet/Wireless Wi-Fi and Killer(TM) Wi-Fi on Windows 10 and 11. The flaw exists in the driver's handling of certain network packets, where validation checks are insufficiently applied. Affected versions include all releases prior to the fixed versions listed in Intel advisory INTEL-SA-00539 [1].

Exploitation

An unauthenticated attacker with adjacent network access (i.e., within wireless range) can exploit this vulnerability by sending specially crafted packets to the target system. No user interaction or authentication is required. The attacker does not need any prior access to the system [1].

Impact

Successful exploitation leads to a denial of service condition, causing the affected wireless driver to crash or become unresponsive. This disrupts network connectivity for the target system until the driver is restarted or the system is rebooted. The impact is limited to availability; no data confidentiality or integrity is compromised [1].

Mitigation

Intel has released software updates to address this vulnerability. Users should update their Intel PROSet/Wireless Wi-Fi and Killer Wi-Fi drivers to the versions specified in Intel advisory INTEL-SA-00539 [1]. No workarounds are available; applying the patch is the recommended mitigation. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog as of the publication date.