rpm package

almalinux/iwl100-firmware

pkg:rpm/almalinux/iwl100-firmware

Vulnerabilities (11)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2023-31356	Med	4.4	< 39.31.5.1-124.el8_10.1	39.31.5.1-124.el8_10.1	Aug 13, 2024	Incomplete system memory cleanup in SEV firmware could allow a privileged attacker to corrupt guest private memory, potentially resulting in a loss of data integrity.
CVE-2023-20584		—	< 39.31.5.1-124.el8_10.1	39.31.5.1-124.el8_10.1	Aug 13, 2024	IOMMU improperly handles certain special address ranges with invalid device table entries (DTEs), which may allow an attacker with privileges and a compromised Hypervisor to induce DTE faults to bypass RMP checks in SEV-SNP, potentially leading to a loss of guest integrity.
CVE-2023-31346		—	< 39.31.5.1-122.el8_10.1	39.31.5.1-122.el8_10.1	Feb 13, 2024	Failure to initialize memory in SEV Firmware may allow a privileged attacker to access stale data from other guests.
CVE-2023-20592		—	< 39.31.5.1-121.el8.1	39.31.5.1-121.el8.1	Nov 14, 2023	Improper or unexpected behavior of the INVD instruction in some AMD CPUs may allow an attacker with a malicious hypervisor to affect cache line write-back behavior of the CPU leading to a potential loss of guest virtual machine (VM) memory integrity.
CVE-2022-38076		—	< 39.31.5.1-140.el9_3	39.31.5.1-140.el9_3	Aug 11, 2023	Improper input validation in some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2022-36351		—	< 39.31.5.1-140.el9_3	39.31.5.1-140.el9_3	Aug 11, 2023	Improper input validation in some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow an unauthenticated user to potentially enable denial of service via adjacent access.
CVE-2022-40964		—	< 39.31.5.1-140.el9_3	39.31.5.1-140.el9_3	Aug 11, 2023	Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2022-46329		—	< 39.31.5.1-140.el9_3	39.31.5.1-140.el9_3	Aug 11, 2023	Protection mechanism failure for some Intel(R) PROSet/Wireless WiFi software may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2022-27635		—	< 39.31.5.1-140.el9_3	39.31.5.1-140.el9_3	Aug 11, 2023	Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2023-20569		—	< 39.31.5.1-140.el9_3	39.31.5.1-140.el9_3	Aug 8, 2023	A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure.
CVE-2023-20593		—	< 39.31.5.1-135.el9_2.alma.1	39.31.5.1-135.el9_2.alma.1	Jul 24, 2023	An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information.

CVE-2023-31356MedAug 13, 2024
affected < 39.31.5.1-124.el8_10.1fixed 39.31.5.1-124.el8_10.1
Incomplete system memory cleanup in SEV firmware could allow a privileged attacker to corrupt guest private memory, potentially resulting in a loss of data integrity.
CVE-2023-20584Aug 13, 2024
affected < 39.31.5.1-124.el8_10.1fixed 39.31.5.1-124.el8_10.1
IOMMU improperly handles certain special address ranges with invalid device table entries (DTEs), which may allow an attacker with privileges and a compromised Hypervisor to induce DTE faults to bypass RMP checks in SEV-SNP, potentially leading to a loss of guest integrity.
CVE-2023-31346Feb 13, 2024
affected < 39.31.5.1-122.el8_10.1fixed 39.31.5.1-122.el8_10.1
Failure to initialize memory in SEV Firmware may allow a privileged attacker to access stale data from other guests.
CVE-2023-20592Nov 14, 2023
affected < 39.31.5.1-121.el8.1fixed 39.31.5.1-121.el8.1
Improper or unexpected behavior of the INVD instruction in some AMD CPUs may allow an attacker with a malicious hypervisor to affect cache line write-back behavior of the CPU leading to a potential loss of guest virtual machine (VM) memory integrity.
CVE-2022-38076Aug 11, 2023
affected < 39.31.5.1-140.el9_3fixed 39.31.5.1-140.el9_3
Improper input validation in some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2022-36351Aug 11, 2023
affected < 39.31.5.1-140.el9_3fixed 39.31.5.1-140.el9_3
Improper input validation in some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow an unauthenticated user to potentially enable denial of service via adjacent access.
CVE-2022-40964Aug 11, 2023
affected < 39.31.5.1-140.el9_3fixed 39.31.5.1-140.el9_3
Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2022-46329Aug 11, 2023
affected < 39.31.5.1-140.el9_3fixed 39.31.5.1-140.el9_3
Protection mechanism failure for some Intel(R) PROSet/Wireless WiFi software may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2022-27635Aug 11, 2023
affected < 39.31.5.1-140.el9_3fixed 39.31.5.1-140.el9_3
Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2023-20569Aug 8, 2023
affected < 39.31.5.1-140.el9_3fixed 39.31.5.1-140.el9_3
A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure.
CVE-2023-20593Jul 24, 2023
affected < 39.31.5.1-135.el9_2.alma.1fixed 39.31.5.1-135.el9_2.alma.1
An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information.