{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-40964", "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "state": "PUBLISHED", "assignerShortName": "intel", "dateReserved": "2022-09-27T00:28:29.138Z", "datePublished": "2023-08-11T02:36:53.959Z", "dateUpdated": "2024-08-03T12:28:42.971Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel", "dateUpdated": "2023-08-11T02:36:53.959Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "description": "escalation of privilege"}, {"lang": "en", "description": "Improper access control", "cweId": "CWE-284", "type": "CWE"}]}], "affected": [{"vendor": "n/a", "product": "Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software", "versions": [{"version": "See references", "status": "affected"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow a privileged user to potentially enable escalation of privilege via local access."}], "references": [{"name": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00766.html", "url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00766.html"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K24OJT4AVMNND7LBTC2ZDDTE6DJHAKB4/"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HUCYUR4WBTELCRHELISJ3RMZVHKIV5TN/"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y76A3PLHIQCEPESB4XVBV5SRRXQEZ5JY/"}, {"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00043.html"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseScore": 7.9, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T12:28:42.971Z"}, "title": "CVE Program Container", "references": [{"name": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00766.html", "url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00766.html", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K24OJT4AVMNND7LBTC2ZDDTE6DJHAKB4/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HUCYUR4WBTELCRHELISJ3RMZVHKIV5TN/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y76A3PLHIQCEPESB4XVBV5SRRXQEZ5JY/", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00043.html", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:intel:killer:*:*:*:*:*:*:*:*", "matchCriteriaId": "8D000E1E-4DBE-47F1-B48F-577AFB0B9A3C", "versionEndExcluding": "34.22.1163", "vulnerable": true}, {"criteria": "cpe:2.3:a:intel:proset\\/wireless_wifi:*:*:*:*:*:*:*:*", "matchCriteriaId": "E22B4543-24F8-4EF5-A2EE-2F35FFDE39B8", "versionEndExcluding": "22.200", "vulnerable": true}, {"criteria": "cpe:2.3:a:intel:uefi_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C8EAFBED-37DE-4BAB-A498-DDE262F315F0", "versionEndExcluding": "3.2.20.23023", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:intel:killer_wi-fi_6_ax1650i\\/s:-:*:*:*:*:*:*:*", "matchCriteriaId": "4CF26EB8-A731-4186-9338-1B2873A61D8F", "vulnerable": false}, {"criteria": "cpe:2.3:h:intel:killer_wi-fi_6e_ax1675i\\/s:-:*:*:*:*:*:*:*", "matchCriteriaId": "7769243A-AD4D-47AB-AC83-2E6EA9E040C5", "vulnerable": false}, {"criteria": "cpe:2.3:h:intel:killer_wi-fi_6e_ax1675x\\/w:-:*:*:*:*:*:*:*", "matchCriteriaId": "28382BCE-0FF3-44AC-97C2-E74BB17F1C3E", "vulnerable": false}, {"criteria": "cpe:2.3:h:intel:killer_wi-fi_6e_ax1690i\\/s:-:*:*:*:*:*:*:*", "matchCriteriaId": "F5D37D73-C613-4800-B414-8AC9A32AD5E5", "vulnerable": false}, {"criteria": "cpe:2.3:h:intel:killer_wireless-ac_1550i\\/s:-:*:*:*:*:*:*:*", "matchCriteriaId": "DC34DCD7-D31D-411D-859E-75617C9E2201", "vulnerable": false}, {"criteria": "cpe:2.3:h:intel:wi-fi_6_ax201:-:*:*:*:*:*:*:*", "matchCriteriaId": "A0433774-9479-4A01-B697-1379AEA223C9", "vulnerable": false}, {"criteria": "cpe:2.3:h:intel:wi-fi_6e_ax210:-:*:*:*:*:*:*:*", "matchCriteriaId": "54323008-43E6-4A85-BB92-F2EF6ED8E57C", "vulnerable": false}, {"criteria": "cpe:2.3:h:intel:wi-fi_6e_ax211:-:*:*:*:*:*:*:*", "matchCriteriaId": "C90E6127-7D01-49CE-96EF-9F4CB5891373", "vulnerable": false}, {"criteria": "cpe:2.3:h:intel:wi-fi_6e_ax411:-:*:*:*:*:*:*:*", "matchCriteriaId": "ADE89FD4-8B08-430E-976A-068DBF47F5F7", "vulnerable": false}, {"criteria": "cpe:2.3:h:intel:wireless-ac_9461:-:*:*:*:*:*:*:*", "matchCriteriaId": "2F198C1B-28A8-4FB8-9266-333A6E465445", "vulnerable": false}, {"criteria": "cpe:2.3:h:intel:wireless-ac_9462:-:*:*:*:*:*:*:*", "matchCriteriaId": "1B60A55C-0969-43D4-A1A8-0E736DE89AFA", "vulnerable": false}, {"criteria": "cpe:2.3:h:intel:wireless-ac_9560:-:*:*:*:*:*:*:*", "matchCriteriaId": "C7A5DD09-188E-4772-BBFD-3DCC776F4D55", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow a privileged user to potentially enable escalation of privilege via local access."}, {"lang": "es", "value": "Un control de acceso inadecuado para algunos programas Intel(R) PROSet/Wireless WiFi y Killer(TM) WiFi puede permitir que un usuario con privilegios habilite potencialmente una escalada de privilegios mediante acceso local."}], "id": "CVE-2022-40964", "lastModified": "2023-11-07T03:52:38.910", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.9, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.5, "impactScore": 5.8, "source": "secure@intel.com", "type": "Secondary"}]}, "published": "2023-08-11T03:15:14.603", "references": [{"source": "secure@intel.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00766.html"}, {"source": "secure@intel.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00043.html"}, {"source": "secure@intel.com", "tags": ["Mailing List"], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HUCYUR4WBTELCRHELISJ3RMZVHKIV5TN/"}, {"source": "secure@intel.com", "tags": ["Mailing List"], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K24OJT4AVMNND7LBTC2ZDDTE6DJHAKB4/"}, {"source": "secure@intel.com", "tags": ["Mailing List"], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y76A3PLHIQCEPESB4XVBV5SRRXQEZ5JY/"}], "sourceIdentifier": "secure@intel.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-284"}], "source": "secure@intel.com", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2024:3939", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "linux-firmware-0:20200421-83.git78c0348.el7_9", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2024-06-17T00:00:00Z"}, {"advisory": "RHSA-2024:4575", "cpe": "cpe:/o:redhat:rhel_aus:8.2", "package": "linux-firmware-0:20240419-102.git055dfa8e.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2024-07-16T00:00:00Z"}, {"advisory": "RHSA-2023:6595", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "linux-firmware-0:20230814-140.el9_3", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-11-07T00:00:00Z"}, {"advisory": "RHSA-2024:3422", "cpe": "cpe:/o:redhat:rhel_eus:9.0", "package": "linux-firmware-0:20220209-130.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Extended Update Support", "release_date": "2024-05-28T00:00:00Z"}], "bugzilla": {"description": "hw: intel: Improper access control for some Intel(R) PROSet/Wireless WiFi", "id": "2238962", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238962"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.9", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H", "status": "verified"}, "cwe": "CWE-284", "details": ["Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow a privileged user to potentially enable escalation of privilege via local access.", "An improper access control flaw was found in some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software that may allow a privileged user to enable escalation of privilege via local access."], "mitigation": {"lang": "en:us", "value": "UEFI firmware to version 3.2.20.23023 (includes versions 2.2.20.23023 and 1.2.20.23023)or later."}, "name": "CVE-2022-40964", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "linux-firmware", "product_name": "Red Hat Enterprise Linux 8"}], "public_date": "2023-08-08T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-40964\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-40964\nhttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00766.html"], "statement": "Please contact your OEM support group to obtain the correct driver version.", "threat_severity": "Important", "upstream_fix": "linux-firmware 20230804"}