Debian Package Tracker

firmware-nonfree


general
  • source: firmware-nonfree (non-free-firmware)
  • version: 20260309-1
  • maintainer: Debian Kernel Team (archive) (DMD)
  • uploaders: Bastian Blank [DMD] – Salvatore Bonaccorso [DMD] – maximilian attems [DMD] – Ben Hutchings [DMD]
  • arch: all
  • std-ver: 4.3.0
  • VCS: Git (Browse, QA)
versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]
[pool directory]
  • o-o-stable: 20210315-3
  • oldstable: 20230210-5
  • old-bpo: 20250410-2~bpo12+1
  • stable: 20250410-2
  • stable-bpo: 20260309-1~bpo13+1
  • testing: 20260309-1
  • unstable: 20260309-1
versioned links
  • 20210315-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 20230210-5: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 20250410-2~bpo12+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 20250410-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 20260309-1~bpo13+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 20260309-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
binaries
  • firmware-amd-graphics (9 bugs: 0, 9, 0, 0)
  • firmware-atheros (3 bugs: 0, 3, 0, 0)
  • firmware-bnx2
  • firmware-bnx2x
  • firmware-brcm80211 (2 bugs: 0, 2, 0, 0)
  • firmware-cavium
  • firmware-cirrus
  • firmware-intel-graphics
  • firmware-intel-misc
  • firmware-intel-sound (1 bugs: 0, 1, 0, 0)
  • firmware-ipw2x00
  • firmware-ivtv
  • firmware-iwlwifi (20 bugs: 0, 19, 1, 0)
  • firmware-libertas
  • firmware-linux
  • firmware-linux-nonfree (2 bugs: 0, 1, 1, 0)
  • firmware-marvell-prestera
  • firmware-mediatek (1 bugs: 0, 1, 0, 0)
  • firmware-misc-nonfree (10 bugs: 0, 8, 2, 0)
  • firmware-myricom
  • firmware-netronome
  • firmware-netxen (1 bugs: 0, 1, 0, 0)
  • firmware-nvidia-graphics (1 bugs: 0, 0, 1, 0)
  • firmware-qcom-media
  • firmware-qcom-soc
  • firmware-qlogic
  • firmware-realtek (6 bugs: 0, 6, 0, 0)
  • firmware-samsung
  • firmware-siano (1 bugs: 0, 1, 0, 0)
  • firmware-ti-connectivity (1 bugs: 0, 1, 0, 0)
action needed
A new upstream version is available: 20260410 high
A new upstream version 20260410 is available, you should consider packaging it.
Created: 2026-04-11 Last update: 2026-04-11 03:03
24 security issues in bullseye high

There are 24 open security issues in bullseye.

3 important issues:
  • CVE-2025-26402: Protection mechanism failure for some Intel(R) NPU Drivers within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (none) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.
  • CVE-2025-26405: Improper control of dynamically-managed code resources for some Intel(R) NPU Drivers within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires passive user interaction. The potential vulnerability may impact the confidentiality (none), integrity (none) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.
  • CVE-2025-32735: Improper conditions check in some firmware for some Intel(R) NPU Drivers within Ring 1: Device Drivers may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (none) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.
21 issues postponed or untriaged:
  • CVE-2023-4969: (needs triaging) A GPU kernel can read sensitive data from another GPU kernel (even from another user or app) through an optimized GPU memory region called _local memory_ on various architectures.
  • CVE-2020-24586: (needs triaging) The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances, when another device sends fragmented frames encrypted using WEP, CCMP, or GCMP, this can be abused to inject arbitrary network packets and/or exfiltrate user data.
  • CVE-2020-24587: (needs triaging) The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP encryption key is periodically renewed.
  • CVE-2020-24588: (needs triaging) The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an adversary can abuse this to inject arbitrary network packets.
  • CVE-2021-23168: (needs triaging) Out of bounds read for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi products may allow an unauthenticated user to potentially enable denial of service via adjacent access.
  • CVE-2021-23223: (needs triaging) Improper initialization for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi products may allow a privileged user to potentially enable escalation of privilege via local access.
  • CVE-2021-37409: (needs triaging) Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi products may allow a privileged user to potentially enable escalation of privilege via local access.
  • CVE-2021-44545: (needs triaging) Improper input validation for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi products may allow an unauthenticated user to potentially enable denial of service via adjacent access.
  • CVE-2022-21181: (needs triaging) Improper input validation for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi products may allow a privileged user to potentially enable escalation of privilege via local access.
  • CVE-2022-27635: (needs triaging) Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow a privileged user to potentially enable escalation of privilege via local access.
  • CVE-2022-36351: (needs triaging) Improper input validation in some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow an unauthenticated user to potentially enable denial of service via adjacent access.
  • CVE-2022-38076: (needs triaging) Improper input validation in some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow an authenticated user to potentially enable escalation of privilege via local access.
  • CVE-2022-40964: (needs triaging) Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow a privileged user to potentially enable escalation of privilege via local access.
  • CVE-2022-46329: (needs triaging) Protection mechanism failure for some Intel(R) PROSet/Wireless WiFi software may allow a privileged user to potentially enable escalation of privilege via local access.
  • CVE-2023-35061: (needs triaging) Improper initialization for the Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable information disclosure via adjacent access.
  • CVE-2023-38417: (needs triaging) Improper input validation for some Intel(R) PROSet/Wireless WiFi software before version 23.20 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
  • CVE-2023-47210: (needs triaging) Improper input validation for some Intel(R) PROSet/Wireless WiFi software for linux before version 23.20 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
  • CVE-2024-23198: (postponed; to be fixed through a stable update) Improper input validation in firmware for some Intel(R) PROSet/Wireless Software and Intel(R) Killer(TM) Wi-Fi products before version 23.40 may allow an unauthenticated user to enable denial of service via adjacent access.
  • CVE-2024-24984: (postponed; to be fixed through a stable update) Improper input validation for some Intel(R) Wireless Bluetooth(R) products for Windows before version 23.40 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
  • CVE-2024-25563: (postponed; to be fixed through a stable update) Improper initialization in firmware for some Intel(R) PROSet/Wireless Software and Intel(R) Killer(TM) Wi-Fi before version 23.40 may allow a privileged user to potentially enable information disclosure via local access.
  • CVE-2024-28049: (postponed; to be fixed through a stable update) Improper input validation in firmware for some Intel(R) PROSet/Wireless Software and Intel(R) Killer(TM) Wi-Fi wireless products before version 23.40 may allow an unauthenticated user to enable denial of service via adjacent access.
Created: 2025-11-16 Last update: 2026-03-31 05:00
13 security issues in buster high

There are 13 open security issues in buster.

12 important issues:
  • CVE-2023-25951: Improper input validation for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow a privileged user to potentially enable escalation of privilege via local access.
  • CVE-2023-26586: Uncaught exception for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
  • CVE-2023-28374: Improper input validation for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
  • CVE-2023-28720: Improper initialization for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
  • CVE-2023-32642: Insufficient adherence to expected conventions for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
  • CVE-2023-32644: Protection mechanism failure for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
  • CVE-2023-32651: Improper validation of specified type of input for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
  • CVE-2023-33875: Improper access control for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via local access.
  • CVE-2023-34983: Improper input validation for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
  • CVE-2023-35061: Improper initialization for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable information disclosure via adjacent access.
  • CVE-2023-38417: Improper input validation for some Intel(R) PROSet/Wireless WiFi software before version 23.20 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
  • CVE-2023-47210: Improper input validation for some Intel(R) PROSet/Wireless WiFi software for linux before version 23.20 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
1 issue postponed or untriaged:
  • CVE-2023-4969: (postponed; to be fixed through a stable update) A GPU kernel can read sensitive data from another GPU kernel (even from another user or app) through an optimized GPU memory region called _local memory_ on various architectures.
Created: 2024-05-02 Last update: 2024-05-22 17:48
2 bugs tagged patch in the BTS normal
The BTS contains patches fixing 2 bugs (3 if counting merged bugs), consider including or untagging them.
Created: 2026-04-06 Last update: 2026-04-11 04:30
version in VCS is newer than in repository, is it time to upload? normal
vcswatch reports that this package seems to have a new changelog entry (version 20260309-2, distribution UNRELEASED) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:
commit 2db9c73610bb39a6b60c19520769d8c97f7b9cf1
Author: Ben Hutchings <benh@debian.org>
Date:   Mon Apr 6 15:18:16 2026 +0200

    d/b/gencontrol.py: Disable makefile generation more cleanly
    
    Instead of monkey-patching the bundle object's write_makefile method,
    override our own write method to only call write_control.

commit d551b760e780e98461c1e06408798c1d1cc5eb0c
Merge: 27b78e8 3328ca4
Author: Ben Hutchings <benh@debian.org>
Date:   Mon Apr 6 13:59:49 2026 +0200

    Merge branch 'config-cleanup' into 'debian/latest'
    
    Clean up configuration format and directory
    
    See merge request kernel-team/firmware-nonfree!143

commit 27b78e867ea4d83a3d455f4ca6def2005fadf2e1
Merge: 4574b21 e90faf9
Author: Ben Hutchings <benh@debian.org>
Date:   Mon Apr 6 13:59:02 2026 +0200

    Merge branch 'remove-usrmovemitigation' into 'debian/latest'
    
    Remove usr-move mitigation, only needed for the trixie upgrade
    
    See merge request kernel-team/firmware-nonfree!144

commit 3328ca498600e9a23e46dbe5776d47fd381a35fb
Author: Ben Hutchings <benh@debian.org>
Date:   Thu Apr 2 19:38:54 2026 +0200

    Move EULA text into configuration file
    
    Since TOML supports multi-line strings with newlines preserved, we can
    now include the EULAs for ipw2x00 and ivtv firmware in the
    configuration file.  Do that, removing the last per-package files
    under debian/config.
    
    Group the 2 EULA fields into a subsection so we can require that both
    or neither are present.

commit 9499157d141d63b144f49477af0e8ca8330b497c
Author: Ben Hutchings <benh@debian.org>
Date:   Thu Apr 2 17:47:46 2026 +0200

    Change configuration handling to use TOML format and dacite
    
    Switch configuration parsing over to TOML, with a schema defined via
    dacite and dataclasses.  The same change was previously done in
    src:linux.
    
    Since TOML allows defining an 'array of tables', take this opportunity
    to put the per-package and global config together.
    
    - debian_firmware.config:
      - Define dataclasses for global and per-package config
      - Read the config from d/c/defines.toml using tomllib and dacite
      - Rename some fields to use underscores instead of hyphens
    - d/config: Convert to the new format
    - d/rules: Update CONTROL_FILES for the above change
    - d/README.source: Update to describe the new format
    - d/b/{check_upstream.py,gencontrol.py,install-files}: Update to use
      the new config API
    - d/t/source.control.in: Add dependency on dacite

commit 1f2e9384ba3db3167b53ae13358690775597b5b7
Author: Ben Hutchings <benh@debian.org>
Date:   Fri Apr 3 19:08:03 2026 +0200

    Remove 'license_accept' package config field
    
    The 'license_accept' field is always set to 'required', not
    'no-preseed', and we should not need to add any more firmware with
    EULAs.  So:
    
    - d/t/preinst.license.in: Do not use the 'license_accept' variable,
      and always allow preseeding
    - d/b/gencontrol.py: Check for presence of the 'license_title' field
      instead
    - d/c/{ipw2x00,ivtv}/defines: Remove definition of the field
    - d/README.source: Update description of package config

commit 650c376c4ba850204a4be634808596b1dbd3bc99
Author: Ben Hutchings <benh@debian.org>
Date:   Thu Apr 2 17:16:56 2026 +0200

    Move added/replacement firmware to debian/added-firmware/
    
    Currently added and replacement firmware files and symlinks are placed
    under debian/config/<package>, but they are not config so this doesn't
    make a lot of sense.  It also complicates install-files which has to
    filter out various filenames to determine whether any of that firmware
    is unused.
    
    - d/config: Move all firmware files and symlinks directly under
      debian/added-firmware/
    - d/bin: Change check_upstream.py and install-files to look there
    - d/copyright, d/source/include-binaries: Update filenames and patterns
    - d/c/misc-nonfree: Since this includes v4l-*, exclude files that
      belong in ivtv and would otherwise now be included
    - d/README.source: Remove text stating non-upstream files go under
      debian/config and add a separate section describing
      debian/added-firmware

commit e90faf944798013256e47216320dac11cd6e3f10
Author: Ben Hutchings <benh@debian.org>
Date:   Fri Apr 3 19:34:17 2026 +0200

    Remove usr-move mitigation, only needed for the trixie upgrade
    
    The usr-move mitigation code was needed in upgrades from
    bookworm(-backports) to trixie, but not in upgrades from trixie to
    trixie-backports or forky.  Release-skipping upgrades are not
    supported, so it can be removed now.

commit 4574b210157d5194baffb63d2bd43e58bd790042
Author: Ben Hutchings <benh@debian.org>
Date:   Thu Apr 2 19:54:40 2026 +0200

    d/copyright: Remove metainfo.xml files, no longer included in source package
    
    Fixes: 56ef6cd0 ("Only install files and generate metainfo.xml at build time")

commit f86b7c1c92ea861a8e39d2a61bb094fc85a5ad8b
Author: Ben Hutchings <benh@debian.org>
Date:   Thu Apr 2 19:50:00 2026 +0200

    d/copyright: Correct information for reverted QCA9377 rev 1.0 firmware
    
    We reverted a breaking change in ath10k/QCA9377/hw1.0/firmware-5.bin
    by adding the old version under debian/config/atheros.  But the
    copyright and license for this weren't correctly recorded here.
    
    Add the old version to the same stanza as the current version.

commit 403c960195eb8917a92727a11cc75c07eba7b010
Author: Ben Hutchings <benh@debian.org>
Date:   Thu Apr 2 19:04:02 2026 +0200

    d/b/check_upstream.py: Fix name of 'files-excluded' config field
    
    The package config field is called 'files-excluded', like in
    debian/copyright, not 'files-exclude'.
    
    This fix results in reporting several more files as not included in
    binary packages, but these seem to all be either legal notices which
    we don't need to include (as they are already copied into
    debian/copyright) or firmware that we intentionally don't want to
    ship.  These should be resolved later on.

commit 91fb15a016abbd3eff31cd88a79f72c867544535
Merge: 7db9447 2934a77
Author: Ben Hutchings <benh@debian.org>
Date:   Thu Apr 2 17:03:04 2026 +0200

    Merge branch 'replace-copy-firmware' into 'debian/latest'
    
    Replace copy-firmware.sh; install files and generate metainfo.xml at build time
    
    See merge request kernel-team/firmware-nonfree!142

commit 2934a774f32777d2699f5d4707c90a53af284ba5
Author: Ben Hutchings <benh@debian.org>
Date:   Thu Mar 26 21:31:09 2026 +0100

    Replace upstream copy-firmware.sh with our own WHENCE parser
    
    The upstream copy-firmware.sh script doesn't work that well for us.
    I've had to patch it to cope with the fact that we exclude some files,
    and it's also rather slow.
    
    Since we already have our own code to parse WHENCE, we don't actually
    need copy-firmware.sh to do it.
    
    In install-files:
    
    - Parse WHENCE to find the upstream files and links.
    - Apply file and link exclusion patterns from debian/copyright and
      debian/config/defines.
    - Report the installation actions, as copy-firmware.sh previously did.
    
    In debian/rules:
    
    - Change override_dh_auto_install to do nothing.
    
    Drop all our patches to copy-firmware.sh.

commit 1875e02d32bd5b14a9d9ea34030ae79a996fe4dc
Author: Ben Hutchings <benh@debian.org>
Date:   Sat Mar 28 13:07:00 2026 +0100

    debian_firmware.firmware: Handle filename escaping and extra spaces
    
    File/RawFile/Link fields can and do use backslash as an escape in
    filenames.  Change our parser to decode those.
    
    Link fields are also allowed to have multiple spaces to the left or
    right of the '->' separator.  Use a regex to split at the separator.

commit 1d5adb095ab2c22fde4cd77c76a13dc3922d6a84
Author: Ben Hutchings <benh@debian.org>
Date:   Sat Mar 28 01:04:05 2026 +0100

    debian_firmware.firmware: Handle file groups with only links
    
    There is currently a single section in WHENCE with only a link and no
    files.  This gets discarded because I failed to update the condition
    for adding a new file group in commit febfc38e00df
    "debian_firmware.firmware: Parse Link fields and include in
    FirmwareGroup".  Update that condition to check for files or links.

commit 56ef6cd062d75f26f1a960376c2c9582992cfc1c
Author: Ben Hutchings <benh@debian.org>
Date:   Sat Mar 28 13:27:51 2026 +0100

    Only install files and generate metainfo.xml at build time
    
    Currently we generate the metainfo.xml files and dh_install file lists
    from gencontrol.py, which requires installing files as part of source
    package preparation.  This was mostly done because it was convenient
    to extend gencontrol.py, but it is not really necessary and it's
    annoying to have to run the file installation multiple times when
    building source and then binary packages.
    
    In a new script debian/bin/install-files:
    
    - Replace the generation of dh_install file lists in gencontrol.py
      with immediate installation of the selected files in this script
    - Move all the metainfo.xml generation from gencontrol.py into this
      script
    
    In debian/rules:
    
    - Remove the now-unneeded execution of copy-firmware.sh from the
      debian/control-real rule
    - Change the execute_after_dh_install rule to override_dh_install and
      run install-files there
Created: 2026-04-02 Last update: 2026-04-06 15:00
lintian reports 12 warnings normal
Lintian reports 12 warnings about this package. You should make the package lintian-clean by getting rid of them.
Created: 2026-02-05 Last update: 2026-02-16 10:49
AppStream hints: 1 warning for firmware-bnx2, firmware-intel-graphics, firmware-qlogic, firmware-nvidia-graphics, firmware-intel-sound, firmware-ipw2x00, firmware-amd-graphics, firmware-intel-misc, firmware-iwlwifi, firmware-samsung, firmware-realtek, firmware-libertas, firmware-ti-connectivity, firmware-mediatek, firmware-cavium, firmware-atheros, firmware-marvell-prestera, firmware-bnx2x, firmware-brcm80211, firmware-misc-nonfree, firmware-siano, firmware-myricom, firmware-qcom-soc, firmware-ivtv, firmware-cirrus, firmware-netronome, firmware-netxen normal
AppStream found metadata issues for packages:
  • firmware-ipw2x00: 1 warning
You should get rid of them to provide more metadata about this software.
Created: 2024-01-27 Last update: 2025-04-21 17:20
1 low-priority security issue in trixie low

There is 1 open security issue in trixie.

1 issue left for the package maintainer to handle:
  • CVE-2025-32735: (needs triaging) Improper conditions check in some firmware for some Intel(R) NPU Drivers within Ring 1: Device Drivers may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (none) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.

You can find information about how to handle this issue in the security team's documentation.

Created: 2026-02-11 Last update: 2026-03-31 05:00
debian/patches: 1 patch to forward upstream low

Among the 4 debian patches available in version 20260309-1 of the package, we noticed the following issues:

  • 1 patch where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.
Created: 2024-12-20 Last update: 2026-03-26 21:31
Standards version of the package is outdated. wishlist
The package should be updated to follow the latest version of Debian Policy (Standards-Version 4.7.4 instead of 4.3.0).
Created: 2023-05-16 Last update: 2026-03-31 15:01
No known security issue in bookworm wishlist

There are 13 open security issues in bookworm.

13 ignored issues:
  • CVE-2023-4969: A GPU kernel can read sensitive data from another GPU kernel (even from another user or app) through an optimized GPU memory region called _local memory_ on various architectures.
  • CVE-2022-27635: Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow a privileged user to potentially enable escalation of privilege via local access.
  • CVE-2022-36351: Improper input validation in some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow an unauthenticated user to potentially enable denial of service via adjacent access.
  • CVE-2022-38076: Improper input validation in some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow an authenticated user to potentially enable escalation of privilege via local access.
  • CVE-2022-40964: Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow a privileged user to potentially enable escalation of privilege via local access.
  • CVE-2022-46329: Protection mechanism failure for some Intel(R) PROSet/Wireless WiFi software may allow a privileged user to potentially enable escalation of privilege via local access.
  • CVE-2023-35061: Improper initialization for the Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable information disclosure via adjacent access.
  • CVE-2023-38417: Improper input validation for some Intel(R) PROSet/Wireless WiFi software before version 23.20 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
  • CVE-2023-47210: Improper input validation for some Intel(R) PROSet/Wireless WiFi software for linux before version 23.20 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
  • CVE-2024-23198: Improper input validation in firmware for some Intel(R) PROSet/Wireless Software and Intel(R) Killer(TM) Wi-Fi products before version 23.40 may allow an unauthenticated user to enable denial of service via adjacent access.
  • CVE-2024-24984: Improper input validation for some Intel(R) Wireless Bluetooth(R) products for Windows before version 23.40 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
  • CVE-2024-25563: Improper initialization in firmware for some Intel(R) PROSet/Wireless Software and Intel(R) Killer(TM) Wi-Fi before version 23.40 may allow a privileged user to potentially enable information disclosure via local access.
  • CVE-2024-28049: Improper input validation in firmware for some Intel(R) PROSet/Wireless Software and Intel(R) Killer(TM) Wi-Fi wireless products before version 23.40 may allow an unauthenticated user to enable denial of service via adjacent access.
Created: 2023-08-18 Last update: 2026-03-31 05:00
news
  • [2026-04-02] Accepted firmware-nonfree 20260309-1~bpo13+1 (source) into stable-backports (Ben Hutchings)
  • [2026-03-31] firmware-nonfree 20260309-1 MIGRATED to testing (Debian testing watch)
  • [2026-03-26] Accepted firmware-nonfree 20260221-1~bpo13+1 (source) into stable-backports (Ben Hutchings)
  • [2026-03-26] Accepted firmware-nonfree 20260309-1 (source) into unstable (Ben Hutchings)
  • [2026-03-17] firmware-nonfree 20260221-1 MIGRATED to testing (Debian testing watch)
  • [2026-03-14] Accepted firmware-nonfree 20260110-1~bpo13+1 (source) into stable-backports (Ben Hutchings)
  • [2026-03-11] Accepted firmware-nonfree 20260221-1 (source) into unstable (Ben Hutchings)
  • [2026-02-28] firmware-nonfree 20260110-1 MIGRATED to testing (Debian testing watch)
  • [2026-02-26] Accepted firmware-nonfree 20251111-1~bpo13+1 (source) into stable-backports (Ben Hutchings)
  • [2026-02-04] Accepted firmware-nonfree 20260110-1 (source) into unstable (Ben Hutchings)
  • [2026-02-03] Accepted firmware-nonfree 20251125-1 (source) into unstable (Ben Hutchings)
  • [2025-11-30] firmware-nonfree 20251111-1 MIGRATED to testing (Debian testing watch)
  • [2025-11-25] Accepted firmware-nonfree 20251021-1~bpo13+1 (source) into stable-backports (Ben Hutchings)
  • [2025-11-24] Accepted firmware-nonfree 20251111-1 (source) into unstable (Ben Hutchings)
  • [2025-11-08] firmware-nonfree 20251021-1 MIGRATED to testing (Debian testing watch)
  • [2025-11-02] Accepted firmware-nonfree 20251021-1 (source) into unstable (Ben Hutchings)
  • [2025-11-02] Accepted firmware-nonfree 20251011-1 (source) into unstable (Ben Hutchings)
  • [2025-10-15] Accepted firmware-nonfree 20250917-1 (source) into unstable (Ben Hutchings)
  • [2025-09-09] Accepted firmware-nonfree 20250808-1~bpo13+1 (all source) into stable-backports (Debian FTP Masters) (signed by: Ben Hutchings)
  • [2025-08-21] firmware-nonfree 20250808-1 MIGRATED to testing (Debian testing watch)
  • [2025-08-15] Accepted firmware-nonfree 20250808-1 (source) into unstable (Ben Hutchings)
  • [2025-07-08] Accepted firmware-nonfree 20250708-1 (source) into experimental (Ben Hutchings)
  • [2025-07-08] Accepted firmware-nonfree 20250627-1 (source) into experimental (Ben Hutchings)
  • [2025-06-21] Accepted firmware-nonfree 20250613-1 (source) into experimental (Ben Hutchings)
  • [2025-06-19] Accepted firmware-nonfree 20250509-1 (source) into experimental (Ben Hutchings)
  • [2025-05-28] Accepted firmware-nonfree 20250410-2~bpo12+1 (source) into stable-backports (Ben Hutchings)
  • [2025-05-05] firmware-nonfree 20250410-2 MIGRATED to testing (Debian testing watch)
  • [2025-04-24] Accepted firmware-nonfree 20250410-2 (source) into unstable (Ben Hutchings)
  • [2025-04-21] Accepted firmware-nonfree 20250410-1 (source) into unstable (Ben Hutchings)
  • [2025-04-15] Accepted firmware-nonfree 20250311-1 (source) into unstable (Ben Hutchings)
bugs [bug history graph]
  • all: 64 67
  • RC: 0
  • I&N: 55 57
  • M&W: 9 10
  • F&P: 0
  • patch: 2 3
links
  • lintian (0, 12)
  • buildd: logs
  • popcon
  • browse source code
  • other distros
  • security tracker
  • debian patches

Debian Package Tracker — Copyright 2013-2025 The Distro Tracker Developers