Bug 1195786 - VUL-0: CVE-2021-33139,CVE-2021-33155: kernel-firmware: multiple vulnerabilities in Bluetooth firmware (INTEL-SA-00604)
VUL-0: CVE-2021-33139,CVE-2021-33155: kernel-firmware: multiple vulnerabiliti...
Status: NEW
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/323330/
CVSSv3.1:SUSE:CVE-2021-33139:5.7:(AV:...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2022-02-10 13:55 UTC by Carlos López
Modified: 2022-06-02 16:20 UTC (History)
0 users

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Carlos López 2022-02-10 13:55:40 UTC
INTEL-SA-00604


CVEID:  CVE-2021-33139

Description: Improper conditions check in firmware for some Intel(R) Wireless Bluetooth(R) and Killer(TM) Bluetooth(R) products before version 22.100 may allow an authenticated user to potentially enable denial of service via adjacent access.

CVSS Base Score: 5.7 Medium

CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H



CVEID:  CVE-2021-33155

Description: Improper input validation in firmware for some Intel(R) Wireless Bluetooth(R) and Killer(TM) Bluetooth(R) products before version 22.100 may allow an authenticated user to potentially enable denial of service via adjacent access.

CVSS Base Score: 5.7 Medium

CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H



Affected Products:

Intel® Wireless Bluetooth® and Killer™ Bluetooth® products with drivers before version 22.100:

    Intel® Wi-Fi 6 AX211
    Intel® Wi-Fi 6 AX210
    Intel® Wi-Fi 6 AX201
    Intel® Wi-Fi 6 AX200
    Intel® Wireless-AC 9560
    Intel® Wireless-AC 9462
    Intel® Wireless-AC 9461
    Intel® Wireless-AC 9260
    Intel® Dual Band Wireless-AC 8265
    Intel® Dual Band Wireless-AC 8260
    Intel® Dual Band Wireless-AC 3168
    Intel® Wireless 7265 (Rev D) Family
    Intel® Dual Band Wireless-AC 3165
    Killer™ Wi-Fi 6E AX1675       
    Killer™ Wi-Fi 6 AX1650
    Killer™ Wireless-AC 1550
Comment 1 Carlos López 2022-02-10 13:56:45 UTC
Commits 36c115f through b0e898f in upstream kernel-firmware seem to introduce the v22.100 firmware files for most of the products listed above, but I don't see any references to the 8xxx, 7265 and 316x models.

"Killer" models are not relevant for us.
Comment 2 Takashi Iwai 2022-02-10 14:12:53 UTC
It seems that no new firmware have been released for those old chips.

If the update of already available firmwares is enough, I can prepare the kernel-firmware package updates.  Or should I wait for more inputs?
Comment 3 Takashi Iwai 2022-02-10 14:16:14 UTC
And maybe we should wait for CVE assignment, too?
Comment 4 Carlos López 2022-02-10 14:31:54 UTC
(In reply to Takashi Iwai from comment #2)
> It seems that no new firmware have been released for those old chips.
> 
> If the update of already available firmwares is enough, I can prepare the
> kernel-firmware package updates.  Or should I wait for more inputs?

The upstream patches are over two months old, so I would say we can proceed.

(In reply to Takashi Iwai from comment #3)
> And maybe we should wait for CVE assignment, too?

There's CVE assignment for both vulnerabilities, sorry if it was not clear in #0 :)
Comment 5 Carlos López 2022-02-10 14:59:17 UTC
The following codestreams are affected:
 - SUSE:SLE-12-SP2:Update *
 - SUSE:SLE-12-SP4:Update
 - SUSE:SLE-15:Update
 - SUSE:SLE-15-SP1:Update
 - SUSE:SLE-15-SP3:Update

*: this codestream only has firmware for the 8265 model, which does not seem to have an update.
Comment 6 Takashi Iwai 2022-02-23 10:17:50 UTC
(In reply to Carlos López from comment #4)
> (In reply to Takashi Iwai from comment #3)
> > And maybe we should wait for CVE assignment, too?
> 
> There's CVE assignment for both vulnerabilities, sorry if it was not clear
> in #0 :)

Ah I see now.  Could you update the bugzilla subject accordingly, too?
Comment 8 Takashi Iwai 2022-02-24 15:54:14 UTC
Submitted to corresponding branches.  Reassigned back to security team.
Comment 10 Takashi Iwai 2022-02-28 13:58:41 UTC
I updated those firmware files and resubmitted.
Also submitted to SLE15-SP4, too.
Comment 12 Swamp Workflow Management 2022-03-04 14:28:00 UTC
SUSE-SU-2022:0721-1: An update that fixes 17 vulnerabilities is now available.

Category: security (important)
Bug References: 1195786,1196333
CVE References: CVE-2021-0066,CVE-2021-0072,CVE-2021-0076,CVE-2021-0161,CVE-2021-0164,CVE-2021-0165,CVE-2021-0166,CVE-2021-0168,CVE-2021-0170,CVE-2021-0172,CVE-2021-0173,CVE-2021-0174,CVE-2021-0175,CVE-2021-0176,CVE-2021-0183,CVE-2021-33139,CVE-2021-33155
JIRA References: 
Sources used:
SUSE Manager Server 4.1 (src):    kernel-firmware-20200107-3.26.1
SUSE Manager Retail Branch Server 4.1 (src):    kernel-firmware-20200107-3.26.1
SUSE Manager Proxy 4.1 (src):    kernel-firmware-20200107-3.26.1
SUSE Linux Enterprise Server for SAP 15-SP2 (src):    kernel-firmware-20200107-3.26.1
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    kernel-firmware-20200107-3.26.1
SUSE Linux Enterprise Server 15-SP2-LTSS (src):    kernel-firmware-20200107-3.26.1
SUSE Linux Enterprise Server 15-SP2-BCL (src):    kernel-firmware-20200107-3.26.1
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    kernel-firmware-20200107-3.26.1
SUSE Linux Enterprise Server 15-SP1-BCL (src):    kernel-firmware-20200107-3.26.1
SUSE Linux Enterprise Realtime Extension 15-SP2 (src):    kernel-firmware-20200107-3.26.1
SUSE Linux Enterprise Micro 5.0 (src):    kernel-firmware-20200107-3.26.1
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src):    kernel-firmware-20200107-3.26.1
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (src):    kernel-firmware-20200107-3.26.1
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src):    kernel-firmware-20200107-3.26.1
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src):    kernel-firmware-20200107-3.26.1
SUSE Enterprise Storage 7 (src):    kernel-firmware-20200107-3.26.1
SUSE Enterprise Storage 6 (src):    kernel-firmware-20200107-3.26.1
SUSE CaaS Platform 4.0 (src):    kernel-firmware-20200107-3.26.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 14 Swamp Workflow Management 2022-03-21 14:19:31 UTC
SUSE-SU-2022:0910-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 1195786
CVE References: CVE-2021-33139,CVE-2021-33155
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    kernel-firmware-20190618-5.22.1
SUSE OpenStack Cloud 9 (src):    kernel-firmware-20190618-5.22.1
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    kernel-firmware-20190618-5.22.1
SUSE Linux Enterprise Server 12-SP5 (src):    kernel-firmware-20190618-5.22.1
SUSE Linux Enterprise Server 12-SP4-LTSS (src):    kernel-firmware-20190618-5.22.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 16 Swamp Workflow Management 2022-03-22 14:22:51 UTC
SUSE-SU-2022:0933-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 1195786
CVE References: CVE-2021-33139,CVE-2021-33155
JIRA References: 
Sources used:
SUSE Linux Enterprise Server for SAP 15 (src):    kernel-firmware-20191118-3.39.1
SUSE Linux Enterprise Server 15-LTSS (src):    kernel-firmware-20191118-3.39.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    kernel-firmware-20191118-3.39.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    kernel-firmware-20191118-3.39.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 17 Swamp Workflow Management 2022-03-31 13:20:08 UTC
SUSE-SU-2022:1065-1: An update that fixes 18 vulnerabilities is now available.

Category: security (important)
Bug References: 1186938,1188662,1192953,1195786,1196333
CVE References: CVE-2021-0066,CVE-2021-0071,CVE-2021-0072,CVE-2021-0076,CVE-2021-0161,CVE-2021-0164,CVE-2021-0165,CVE-2021-0166,CVE-2021-0168,CVE-2021-0170,CVE-2021-0172,CVE-2021-0173,CVE-2021-0174,CVE-2021-0175,CVE-2021-0176,CVE-2021-0183,CVE-2021-33139,CVE-2021-33155
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src):    kernel-firmware-20210208-150300.4.7.1
SUSE Linux Enterprise Micro 5.1 (src):    kernel-firmware-20210208-150300.4.7.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 18 Swamp Workflow Management 2022-03-31 13:22:07 UTC
openSUSE-SU-2022:1065-1: An update that fixes 18 vulnerabilities is now available.

Category: security (important)
Bug References: 1186938,1188662,1192953,1195786,1196333
CVE References: CVE-2021-0066,CVE-2021-0071,CVE-2021-0072,CVE-2021-0076,CVE-2021-0161,CVE-2021-0164,CVE-2021-0165,CVE-2021-0166,CVE-2021-0168,CVE-2021-0170,CVE-2021-0172,CVE-2021-0173,CVE-2021-0174,CVE-2021-0175,CVE-2021-0176,CVE-2021-0183,CVE-2021-33139,CVE-2021-33155
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    kernel-firmware-20210208-150300.4.7.1
Comment 22 Takashi Iwai 2022-05-18 12:57:17 UTC
The missing update for SLE-12-SP2 was also submitted (together with AMD update).

Reassigned back to security team.
Comment 24 Swamp Workflow Management 2022-05-19 19:21:38 UTC
SUSE-SU-2022:1751-1: An update that fixes 18 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1192953,1195786,1199459,1199470
CVE References: CVE-2021-0071,CVE-2021-26312,CVE-2021-26339,CVE-2021-26342,CVE-2021-26347,CVE-2021-26348,CVE-2021-26349,CVE-2021-26350,CVE-2021-26364,CVE-2021-26372,CVE-2021-26373,CVE-2021-26375,CVE-2021-26376,CVE-2021-26378,CVE-2021-26388,CVE-2021-33139,CVE-2021-33155,CVE-2021-46744
JIRA References: 
Sources used:
SUSE Manager Server 4.1 (src):    kernel-firmware-20200107-150100.3.31.1
SUSE Manager Retail Branch Server 4.1 (src):    kernel-firmware-20200107-150100.3.31.1
SUSE Manager Proxy 4.1 (src):    kernel-firmware-20200107-150100.3.31.1
SUSE Linux Enterprise Server for SAP 15-SP2 (src):    kernel-firmware-20200107-150100.3.31.1
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    kernel-firmware-20200107-150100.3.31.1
SUSE Linux Enterprise Server 15-SP2-LTSS (src):    kernel-firmware-20200107-150100.3.31.1
SUSE Linux Enterprise Server 15-SP2-BCL (src):    kernel-firmware-20200107-150100.3.31.1
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    kernel-firmware-20200107-150100.3.31.1
SUSE Linux Enterprise Server 15-SP1-BCL (src):    kernel-firmware-20200107-150100.3.31.1
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src):    kernel-firmware-20200107-150100.3.31.1
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (src):    kernel-firmware-20200107-150100.3.31.1
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src):    kernel-firmware-20200107-150100.3.31.1
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src):    kernel-firmware-20200107-150100.3.31.1
SUSE Enterprise Storage 7 (src):    kernel-firmware-20200107-150100.3.31.1
SUSE Enterprise Storage 6 (src):    kernel-firmware-20200107-150100.3.31.1
SUSE CaaS Platform 4.0 (src):    kernel-firmware-20200107-150100.3.31.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 25 Swamp Workflow Management 2022-06-02 16:20:30 UTC
SUSE-SU-2022:1923-1: An update that fixes 17 vulnerabilities is now available.

Category: security (important)
Bug References: 1195786,1199459,1199470
CVE References: CVE-2021-26312,CVE-2021-26339,CVE-2021-26342,CVE-2021-26347,CVE-2021-26348,CVE-2021-26349,CVE-2021-26350,CVE-2021-26364,CVE-2021-26372,CVE-2021-26373,CVE-2021-26375,CVE-2021-26376,CVE-2021-26378,CVE-2021-26388,CVE-2021-33139,CVE-2021-33155,CVE-2021-46744
JIRA References: 
Sources used:
openSUSE Leap 15.4 (src):    kernel-firmware-20220509-150400.4.5.1
SUSE Linux Enterprise Module for Basesystem 15-SP4 (src):    kernel-firmware-20220509-150400.4.5.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.