CVE-2021-33113

Vulnerability

An improper input validation vulnerability exists in the Intel(R) PROSet/Wireless WiFi software for multiple operating systems and the Killer(TM) WiFi software for Windows 10 and Windows 11 [1]. This bug resides in the driver's handling of certain network packets and can be triggered without authentication when the system is within radio range of the attacker. Affected versions are those prior to the updates specified in the Intel advisory (Intel-SA-00582) [1].

Exploitation

An attacker must be in adjacent proximity to the target system (i.e., within wireless range) and does not require any prior authentication [1]. By sending specially crafted wireless frames, the vulnerability can be triggered. The attacker does not need user interaction or elevated privileges on the target network; adjacent access is sufficient [1].

Impact

Successful exploitation can lead to denial of service (DoS), causing the affected system to crash or become unresponsive, or information disclosure, potentially allowing the attacker to read sensitive data from kernel memory [1]. The impact is limited to systems with the vulnerable driver installed and does not provide remote code execution or full system compromise according to the available references.

Mitigation

Intel has released driver updates to address this vulnerability. Affected users should update to the latest version of the Intel PROSet/Wireless WiFi or Killer WiFi software provided by Intel or their system manufacturer [1]. No workarounds are mentioned in the advisory; keeping software up to date is the primary mitigation.