Bug 1178872 (CVE-2020-12313)

Summary: VUL-0: CVE-2020-12313,CVE-2020-12317,CVE-2020-12319,CVE-2017-13080: kernel-firmware: Intel WiFi firmware update
Product: [Novell Products] SUSE Security Incidents Reporter: Wolfgang Frisch <wolfgang.frisch>
Component: IncidentsAssignee: Security Team bot <security-team>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Minor    
Priority: P3 - Medium CC: jack, smash_bz, thomas.leroy, tiwai, wolfgang.frisch
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/271704/
See Also: https://bugzilla.suse.com/show_bug.cgi?id=1063667
Whiteboard: CVSSv3.1:SUSE:CVE-2020-12313:8.8:(AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) CVSSv3.1:SUSE:CVE-2020-12317:6.5:(AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) CVSSv3.1:SUSE:CVE-2020-12319:6.5:(AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Wolfgang Frisch 2020-11-17 08:41:03 UTC 
CVE-2020-12313

Insufficient control flow management in some Intel(R) PROSet/Wireless WiFi
products before version 21.110 may allow an unauthenticated user to potentially
enable escalation of privilege via adjacent access.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12313
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12313
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00402


CVE-2020-12317

Improper buffer restriction in some Intel(R) PROSet/Wireless WiFi products
before version 21.110 may allow an unauthenticated user to potentially enable
denial of service via adjacent access.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12317
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12317
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00402


CVE-2020-12319

Insufficient control flow management in some Intel(R) PROSet/Wireless WiFi
products before version 21.110 may allow an unauthenticated user to potentially
enable denial of service via adjacent access.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12319
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12319
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00402


CVE-2017-13080

Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13080
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13080
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00402
Comment 1 Wolfgang Frisch 2020-11-17 08:43:22 UTC 
CVE-2017-13080 is already fixed in our kernels.

I assume this WiFi firmware update provides a redundant fix.
Comment 2 Takashi Iwai 2020-11-20 23:04:00 UTC 
Sorry, I overlooked this bug entry.

Don't we need any driver side fixes?  The details seem missing...
Comment 5 Jan Kara 2022-05-10 12:18:20 UTC 
Takashi, is there anything that could be done here or do we just close the bug?
Comment 6 Takashi Iwai 2022-05-10 12:20:07 UTC 
IMO, this is a WONTFIX bug.

If we ever get more details for the needed fix, we can take that, but it's pretty unlikely.
Comment 7 Takashi Iwai 2022-05-24 15:03:20 UTC 
Reassigned back to security team.  The iwlwifi firmware files have been updated for other CVE entries already, and there is no other change needed, as it seems.
Comment 8 Thomas Leroy 2022-08-10 07:20:01 UTC 
Hi Takashi, would it be possible to update ibt-hw to ibt-hw-37.8.10-fw-22.50.19.14.f.bseq on SUSE:SLE-11-SP3:Update?
Comment 9 Takashi Iwai 2022-08-10 07:36:14 UTC 
(In reply to Thomas Leroy from comment #8)
> Hi Takashi, would it be possible to update ibt-hw to
> ibt-hw-37.8.10-fw-22.50.19.14.f.bseq on SUSE:SLE-11-SP3:Update?

The update is pending for bsc#913459 over 6 years.  Can it be merged at first?
Comment 10 Thomas Leroy 2022-08-10 07:57:16 UTC 
(In reply to Takashi Iwai from comment #9)
> (In reply to Thomas Leroy from comment #8)
> > Hi Takashi, would it be possible to update ibt-hw to
> > ibt-hw-37.8.10-fw-22.50.19.14.f.bseq on SUSE:SLE-11-SP3:Update?
> 
> The update is pending for bsc#913459 over 6 years.  Can it be merged at
> first?

It seems that the corresponding IBS incident SUSE:Maintenance:1251 has been removed. It's likely that we will need a new submission for bsc#913459... I can't see why the incident has been removed, so I would say let's wait for Marcus to potentially give further information there. If we need a new submission for bsc#913459, let's just mention these CVEs in the changes file.
Comment 11 Takashi Iwai 2022-08-17 15:48:27 UTC 
I checked the SLE11-SP3-LTSS kernel code, and this (3.0-based) kernel doesn't support Intel BT patching at all.  So firmware is useless there.

Reassigned back.
Comment 12 Thomas Leroy 2022-08-24 08:37:46 UTC 
(In reply to Takashi Iwai from comment #11)
> I checked the SLE11-SP3-LTSS kernel code, and this (3.0-based) kernel
> doesn't support Intel BT patching at all.  So firmware is useless there.
> 
> Reassigned back.

Thanks for checking Takashi. Setting 11sp3 as not affected and closing