{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-38076", "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "state": "PUBLISHED", "assignerShortName": "intel", "dateReserved": "2022-08-10T03:00:25.306Z", "datePublished": "2023-08-11T02:36:55.105Z", "dateUpdated": "2024-08-03T10:45:52.414Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel", "dateUpdated": "2023-08-11T02:36:55.105Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "description": "escalation of privilege"}, {"lang": "en", "description": "Improper input validation", "cweId": "CWE-20", "type": "CWE"}]}], "affected": [{"vendor": "n/a", "product": "Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software", "versions": [{"version": "See references", "status": "affected"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Improper input validation in some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow an authenticated user to potentially enable escalation of privilege via local access."}], "references": [{"name": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00766.html", "url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00766.html"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K24OJT4AVMNND7LBTC2ZDDTE6DJHAKB4/"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HUCYUR4WBTELCRHELISJ3RMZVHKIV5TN/"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y76A3PLHIQCEPESB4XVBV5SRRXQEZ5JY/"}, {"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00043.html"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseScore": 3.8, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE"}}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T10:45:52.414Z"}, "title": "CVE Program Container", "references": [{"name": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00766.html", "url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00766.html", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K24OJT4AVMNND7LBTC2ZDDTE6DJHAKB4/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HUCYUR4WBTELCRHELISJ3RMZVHKIV5TN/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y76A3PLHIQCEPESB4XVBV5SRRXQEZ5JY/", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00043.html", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:intel:killer:*:*:*:*:*:*:*:*", "matchCriteriaId": "8D000E1E-4DBE-47F1-B48F-577AFB0B9A3C", "versionEndExcluding": "34.22.1163", "vulnerable": true}, {"criteria": "cpe:2.3:a:intel:proset\\/wireless_wifi:*:*:*:*:*:*:*:*", "matchCriteriaId": "E22B4543-24F8-4EF5-A2EE-2F35FFDE39B8", "versionEndExcluding": "22.200", "vulnerable": true}, {"criteria": "cpe:2.3:a:intel:uefi_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C8EAFBED-37DE-4BAB-A498-DDE262F315F0", "versionEndExcluding": "3.2.20.23023", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:intel:dual_band_wireless-ac_3165:-:*:*:*:*:*:*:*", "matchCriteriaId": "0C1729F4-7CCA-404A-903E-F0F6C1F9302B", "vulnerable": false}, {"criteria": "cpe:2.3:h:intel:dual_band_wireless-ac_3168:-:*:*:*:*:*:*:*", "matchCriteriaId": "3E3F3AC3-7774-44DE-82C3-531D874D6175", "vulnerable": false}, {"criteria": "cpe:2.3:h:intel:dual_band_wireless-ac_8260:-:*:*:*:*:*:*:*", "matchCriteriaId": "FD5900B9-D8E3-4928-B587-955BCAE07460", "vulnerable": false}, {"criteria": "cpe:2.3:h:intel:dual_band_wireless-ac_8265:-:*:*:*:*:*:*:*", "matchCriteriaId": "89ED6FDA-BE47-4E7D-A449-439A917119DA", "vulnerable": false}, {"criteria": "cpe:2.3:h:intel:killer_wireless-ac_1550:-:*:*:*:*:*:*:*", "matchCriteriaId": "92ECE07F-7E95-4BF0-A9DC-B1DB336A2B8B", "vulnerable": false}, {"criteria": "cpe:2.3:h:intel:wireless-ac_9260:-:*:*:*:*:*:*:*", "matchCriteriaId": "4900842A-56C4-4F09-BBD4-080EC7CEBF33", "vulnerable": false}, {"criteria": "cpe:2.3:h:intel:wireless-ac_9461:-:*:*:*:*:*:*:*", "matchCriteriaId": "2F198C1B-28A8-4FB8-9266-333A6E465445", "vulnerable": false}, {"criteria": "cpe:2.3:h:intel:wireless-ac_9462:-:*:*:*:*:*:*:*", "matchCriteriaId": "1B60A55C-0969-43D4-A1A8-0E736DE89AFA", "vulnerable": false}, {"criteria": "cpe:2.3:h:intel:wireless-ac_9560:-:*:*:*:*:*:*:*", "matchCriteriaId": "C7A5DD09-188E-4772-BBFD-3DCC776F4D55", "vulnerable": false}, {"criteria": "cpe:2.3:h:intel:wireless_7265_\\(rev_d\\):-:*:*:*:*:*:*:*", "matchCriteriaId": "BD700D79-A4B3-4C62-93BE-D13F016AA3CC", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper input validation in some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow an authenticated user to potentially enable escalation of privilege via local access."}, {"lang": "es", "value": "Una validaci\u00f3n de entrada incorrecta en algunos programas Intel(R) PROSet/Wireless WiFi y Killer(TM) WiFi puede permitir que un usuario autenticado habilite potencialmente una escalada de privilegios mediante acceso local."}], "id": "CVE-2022-38076", "lastModified": "2023-11-07T03:50:00.173", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.8, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.0, "impactScore": 1.4, "source": "secure@intel.com", "type": "Secondary"}]}, "published": "2023-08-11T03:15:13.843", "references": [{"source": "secure@intel.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00766.html"}, {"source": "secure@intel.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00043.html"}, {"source": "secure@intel.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HUCYUR4WBTELCRHELISJ3RMZVHKIV5TN/"}, {"source": "secure@intel.com", "tags": ["Mailing List"], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K24OJT4AVMNND7LBTC2ZDDTE6DJHAKB4/"}, {"source": "secure@intel.com", "tags": ["Mailing List"], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y76A3PLHIQCEPESB4XVBV5SRRXQEZ5JY/"}], "sourceIdentifier": "secure@intel.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-20"}], "source": "secure@intel.com", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2024:3939", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "linux-firmware-0:20200421-83.git78c0348.el7_9", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2024-06-17T00:00:00Z"}, {"advisory": "RHSA-2023:6595", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "linux-firmware-0:20230814-140.el9_3", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-11-07T00:00:00Z"}], "bugzilla": {"description": "hw: intel: Improper input validation in some Intel(R) PROSet/Wireless WiFi", "id": "2238964", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238964"}, "csaw": false, "cvss3": {"cvss3_base_score": "3.8", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N", "status": "verified"}, "cwe": "CWE-20", "details": ["Improper input validation in some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow an authenticated user to potentially enable escalation of privilege via local access.", "An improper input validation flaw was found in some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software that may allow an authenticated user to enable escalation of privilege via local access."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2022-38076", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "linux-firmware", "product_name": "Red Hat Enterprise Linux 8"}], "public_date": "2023-08-08T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-38076\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-38076\nhttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00766.html"], "threat_severity": "Low", "upstream_fix": "linux-firmware 20230804"}