linux-firmware-20230814-140.el9

エラータID: AXSA:2023-6596:10

Release date: 
Wednesday, December 6, 2023 - 07:18
Subject: 
linux-firmware-20230814-140.el9
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
High
Description: 

The linux-firmware packages contain all of the firmware files that are required
by various devices to operate.

Security Fix(es):

* hw: intel: Improper access control for some Intel(R) PROSet/Wireless WiFi
(CVE-2022-27635)
* hw: intel: Improper access control for some Intel(R) PROSet/Wireless WiFi
(CVE-2022-40964)
* hw: intel: Protection mechanism failure for some Intel(R) PROSet/Wireless
WiFi (CVE-2022-46329)
* hw: intel: Improper input validation in some Intel(R) PROSet/Wireless WiFi
(CVE-2022-36351)
* hw amd: Return Address Predictor vulnerability leading to information
disclosure (CVE-2023-20569)
* hw: intel: Improper input validation in some Intel(R) PROSet/Wireless WiFi
(CVE-2022-38076)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the MIRACLE LINUX 9.3
Release Notes linked from the References section.

CVE-2022-27635
Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM)
WiFi software may allow a privileged user to potentially enable escalation of
privilege via local access.
CVE-2022-36351
Improper input validation in some Intel(R) PROSet/Wireless WiFi and Killer(TM)
WiFi software may allow an unauthenticated user to potentially enable denial of
service via adjacent access.
CVE-2022-38076
Improper input validation in some Intel(R) PROSet/Wireless WiFi and Killer(TM)
WiFi software may allow an authenticated user to potentially enable escalation
of privilege via local access.
CVE-2022-40964
Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM)
WiFi software may allow a privileged user to potentially enable escalation of
privilege via local access.
CVE-2022-46329
Protection mechanism failure for some Intel(R) PROSet/Wireless WiFi software may
allow a privileged user to potentially enable escalation of privilege via local
access.
CVE-2023-20569
A side channel vulnerability on some of the AMD CPUs may allow an attacker to
influence the return address prediction. This may result in speculative
execution at an attacker-controlled address, potentially leading to information
disclosure.

Solution: 

Update packages.

CVEs: 
CVE-2022-27635
Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2022-36351
Improper input validation in some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow an unauthenticated user to potentially enable denial of service via adjacent access.
CVE-2022-38076
Improper input validation in some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2022-40964
Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2022-46329
Protection mechanism failure for some Intel(R) PROSet/Wireless WiFi software may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2023-20569
A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure.
Additional Info: 

N/A

Download: 

SRPMS
  1. linux-firmware-20230814-140.el9.src.rpm
    MD5: 80cc1fd9a3fd7cf0059e229e6c394a6c
    SHA-256: 693e5b43153f3aaf8951c785401516cb684277bc917882b0a69e5f25ad3ad455
    Size: 274.83 MB

Asianux Server 9 for x86_64
  1. iwl1000-firmware-39.31.5.1-140.el9.noarch.rpm
    MD5: dac14928b4cfd58d76f84cb8f6428fb4
    SHA-256: d6a2e1721b404d602259e3223e4bc281d5ada983e984a563fd5a0f30e3b367e4
    Size: 167.48 kB
  2. iwl100-firmware-39.31.5.1-140.el9.noarch.rpm
    MD5: dd4af3668642d3ec85b9c571a5de5d29
    SHA-256: a45a04b8224ef06432f3580ad4c48ccbe1303fdf9293e77ecfce013a440159a1
    Size: 167.19 kB
  3. iwl105-firmware-18.168.6.1-140.el9.noarch.rpm
    MD5: 755dcd6c2c5e6dbc81edac6742547285
    SHA-256: 8fd4becbe5042bad0fda256b187c57f8a30bac91d88b21f17d467d53b7e508be
    Size: 246.09 kB
  4. iwl135-firmware-18.168.6.1-140.el9.noarch.rpm
    MD5: 6cc824f97433acb7c286fe9f29494d91
    SHA-256: 817558c0ddc4da7d8fd261ef835f6205f3b9af17dfbc7adc7a682487084bd671
    Size: 254.58 kB
  5. iwl2000-firmware-18.168.6.1-140.el9.noarch.rpm
    MD5: 15342ae0559044a51ae44c8f39e29743
    SHA-256: 9cb513adbfd063eb4ba3fca46742c4be572918b20f623ce94919c09e306c981f
    Size: 248.48 kB
  6. iwl2030-firmware-18.168.6.1-140.el9.noarch.rpm
    MD5: 9ce18fa0c7ce706097ebb95d0f64172e
    SHA-256: 18c103d76487f7b31059244148d7089607a9dcfdbc03636a4e36412169dea702
    Size: 256.97 kB
  7. iwl3160-firmware-25.30.13.0-140.el9.noarch.rpm
    MD5: 818c3fb6f627212c8f234835574bb714
    SHA-256: 430f08234091fe8e9f79fe2192fbd96483c894e4764ec6f6ce08416f02b46e0f
    Size: 523.80 kB
  8. iwl5000-firmware-8.83.5.1_1-140.el9.noarch.rpm
    MD5: c9f725707552a7ea5fdc96f6a1c5825f
    SHA-256: 28c0cbc04b794ad7868067ef64d0f128184d9ffd4e4b3b954f744f10d3b91d84
    Size: 164.46 kB
  9. iwl5150-firmware-8.24.2.2-140.el9.noarch.rpm
    MD5: 34031cde3fff834f5c8cbc2833525f34
    SHA-256: 7cc9f5572325cfb4049f3db371cf16c1f29bfa2181bd764042dc8af6416d8c3c
    Size: 163.91 kB
  10. iwl6000g2a-firmware-18.168.6.1-140.el9.noarch.rpm
    MD5: b0432f05c6fe3546ee8588375c0f6fd1
    SHA-256: 7a4615910eca1de1dea95820772fe3dfef2246f32cb55c8dcfba4898c6f0cdd9
    Size: 232.19 kB
  11. iwl6000g2b-firmware-18.168.6.1-140.el9.noarch.rpm
    MD5: c55b752b314263aee945b55a9d194a59
    SHA-256: 60bfbd5f3b3fb06e643df32baca91c49159236d89ed35a37d053f488c708ca3e
    Size: 233.75 kB
  12. iwl6050-firmware-41.28.5.1-140.el9.noarch.rpm
    MD5: f6abd72921d57aea412407be82bc1c51
    SHA-256: da0d66e5431747b9ccb30dc019819f36c8832b3336467d13b35f589308582917
    Size: 189.44 kB
  13. iwl7260-firmware-25.30.13.0-140.el9.noarch.rpm
    MD5: 45a617b0636c947f7791f9d5cf100c88
    SHA-256: e9f85346c9b27d8284c16fd4ffadc9c945b83c0cbd8132736cc2f95f239595b8
    Size: 40.89 MB
  14. libertas-sd8787-firmware-20230814-140.el9.noarch.rpm
    MD5: 54809cd0eb9a86d983a2ccaa0dfe1c34
    SHA-256: 3c8de83d5392c63b316adf93ba6df28386c9801a63045a3afd37fdfd60c196ba
    Size: 340.57 kB
  15. linux-firmware-20230814-140.el9.noarch.rpm
    MD5: 073661a90ccb6beeb7229ba85e2607dd
    SHA-256: eef04035e51aa406512337d40af7250cce8ba4e0ed3fe997465b7d7fe000c59f
    Size: 307.38 MB
  16. linux-firmware-whence-20230814-140.el9.noarch.rpm
    MD5: c606f527c94b64aefaeb85fae63e01e6
    SHA-256: 4881309789afe159ebb68273f19e30ec2108c160a958f2b2957c469b624f3ebf
    Size: 81.25 kB
  17. netronome-firmware-20230814-140.el9.noarch.rpm
    MD5: 7f84567c3ad96b34e2071f1c40cbad19
    SHA-256: 16f8f815d84dda940ce4ed0eef75981de3847672099d7766c8fc66333cdf98df
    Size: 4.42 MB