{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-46329", "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "state": "PUBLISHED", "assignerShortName": "intel", "dateReserved": "2022-12-06T04:00:03.867Z", "datePublished": "2023-08-11T02:36:53.416Z", "dateUpdated": "2024-08-03T14:31:46.298Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel", "dateUpdated": "2023-08-11T02:36:53.416Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "description": "escalation of privilege"}, {"lang": "en", "description": "Protection mechanism failure", "cweId": "CWE-693", "type": "CWE"}]}], "affected": [{"vendor": "n/a", "product": "Intel(R) PROSet/Wireless WiFi software", "versions": [{"version": "See references", "status": "affected"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Protection mechanism failure for some Intel(R) PROSet/Wireless WiFi software may allow a privileged user to potentially enable escalation of privilege via local access."}], "references": [{"name": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00766.html", "url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00766.html"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K24OJT4AVMNND7LBTC2ZDDTE6DJHAKB4/"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HUCYUR4WBTELCRHELISJ3RMZVHKIV5TN/"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y76A3PLHIQCEPESB4XVBV5SRRXQEZ5JY/"}, {"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00043.html"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseScore": 8.2, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T14:31:46.298Z"}, "title": "CVE Program Container", "references": [{"name": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00766.html", "url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00766.html", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K24OJT4AVMNND7LBTC2ZDDTE6DJHAKB4/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HUCYUR4WBTELCRHELISJ3RMZVHKIV5TN/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y76A3PLHIQCEPESB4XVBV5SRRXQEZ5JY/", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00043.html", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:intel:killer:*:*:*:*:*:*:*:*", "matchCriteriaId": "8D000E1E-4DBE-47F1-B48F-577AFB0B9A3C", "versionEndExcluding": "34.22.1163", "vulnerable": true}, {"criteria": "cpe:2.3:a:intel:proset\\/wireless_wifi:*:*:*:*:*:*:*:*", "matchCriteriaId": "E22B4543-24F8-4EF5-A2EE-2F35FFDE39B8", "versionEndExcluding": "22.200", "vulnerable": true}, {"criteria": "cpe:2.3:a:intel:uefi_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C8EAFBED-37DE-4BAB-A498-DDE262F315F0", "versionEndExcluding": "3.2.20.23023", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:intel:wi-fi_6_ax201:-:*:*:*:*:*:*:*", "matchCriteriaId": "A0433774-9479-4A01-B697-1379AEA223C9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Protection mechanism failure for some Intel(R) PROSet/Wireless WiFi software may allow a privileged user to potentially enable escalation of privilege via local access."}, {"lang": "es", "value": "Un fallo en el mecanismo de protecci\u00f3n de algunos software de Intel(R) PROSet/Wireless WiFi puede permitir que un usuario con privilegios habilite potencialmente una escalada de privilegios mediante acceso local."}], "id": "CVE-2022-46329", "lastModified": "2023-11-07T03:55:33.977", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.5, "impactScore": 6.0, "source": "secure@intel.com", "type": "Secondary"}]}, "published": "2023-08-11T03:15:16.540", "references": [{"source": "secure@intel.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00766.html"}, {"source": "secure@intel.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00043.html"}, {"source": "secure@intel.com", "tags": ["Third Party Advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HUCYUR4WBTELCRHELISJ3RMZVHKIV5TN/"}, {"source": "secure@intel.com", "tags": ["Third Party Advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K24OJT4AVMNND7LBTC2ZDDTE6DJHAKB4/"}, {"source": "secure@intel.com", "tags": ["Third Party Advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y76A3PLHIQCEPESB4XVBV5SRRXQEZ5JY/"}], "sourceIdentifier": "secure@intel.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-693"}], "source": "secure@intel.com", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2024:3939", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "linux-firmware-0:20200421-83.git78c0348.el7_9", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2024-06-17T00:00:00Z"}, {"advisory": "RHSA-2024:3178", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "linux-firmware-0:20240111-121.gitb3132c18.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-05-22T00:00:00Z"}, {"advisory": "RHSA-2024:4575", "cpe": "cpe:/o:redhat:rhel_aus:8.2", "package": "linux-firmware-0:20240419-102.git055dfa8e.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2024-07-16T00:00:00Z"}, {"advisory": "RHSA-2024:2583", "cpe": "cpe:/o:redhat:rhel_aus:8.4", "package": "linux-firmware-0:20201218-106.git05789708.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date": "2024-04-30T00:00:00Z"}, {"advisory": "RHSA-2024:2583", "cpe": "cpe:/o:redhat:rhel_tus:8.4", "package": "linux-firmware-0:20201218-106.git05789708.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "release_date": "2024-04-30T00:00:00Z"}, {"advisory": "RHSA-2024:2583", "cpe": "cpe:/o:redhat:rhel_e4s:8.4", "package": "linux-firmware-0:20201218-106.git05789708.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "release_date": "2024-04-30T00:00:00Z"}, {"advisory": "RHSA-2024:1112", "cpe": "cpe:/o:redhat:rhel_eus:8.6", "package": "linux-firmware-0:20220210-114.git6342082c.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Extended Update Support", "release_date": "2024-03-05T00:00:00Z"}, {"advisory": "RHSA-2024:0577", "cpe": "cpe:/o:redhat:rhel_eus:8.8", "package": "linux-firmware-0:20230404-118.git2e92a49f.el8_8", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2024-01-30T00:00:00Z"}, {"advisory": "RHSA-2023:6595", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "linux-firmware-0:20230814-140.el9_3", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-11-07T00:00:00Z"}, {"advisory": "RHSA-2024:3422", "cpe": "cpe:/o:redhat:rhel_eus:9.0", "package": "linux-firmware-0:20220209-130.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Extended Update Support", "release_date": "2024-05-28T00:00:00Z"}, {"advisory": "RHSA-2024:0449", "cpe": "cpe:/o:redhat:rhel_eus:9.2", "package": "linux-firmware-0:20230310-138.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-01-25T00:00:00Z"}], "bugzilla": {"description": "hw: intel: Protection mechanism failure for some Intel(R) PROSet/Wireless WiFi", "id": "2238961", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238961"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.2", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-693", "details": ["Protection mechanism failure for some Intel(R) PROSet/Wireless WiFi software may allow a privileged user to potentially enable escalation of privilege via local access.", "Protection mechanism failure for some Intel(R) PROSet/Wireless WiFi software may allow a privileged user to enable escalation of privilege via local access."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2022-46329", "public_date": "2023-08-08T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-46329\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-46329\nhttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00766.html"], "threat_severity": "Important", "upstream_fix": "linux-firmware 20230804"}