Skip to main content

Ac 3165 Firmware CVE-2020-0553

MEDIUM
Out-of-bounds Read (CWE-125)
2020-08-13 secure@intel.com
4.4
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.4 MEDIUM
AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Aug 13, 2020 - 04:15 nvd
MEDIUM 4.4

DescriptionNVD

Out-of-bounds read in kernel mode driver for some Intel(R) Wireless Bluetooth(R) products on Windows* 10, may allow a privileged user to potentially enable information disclosure via local access.

AnalysisAI

Out-of-bounds read in kernel mode driver for some Intel(R) Wireless Bluetooth(R) products on Windows* 10, may allow a privileged user to potentially enable information disclosure via local access. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Technical ContextAI

This vulnerability is classified as Out-of-bounds Read (CWE-125), which allows attackers to read data from memory outside the intended buffer boundaries. Out-of-bounds read in kernel mode driver for some Intel(R) Wireless Bluetooth(R) products on Windows* 10, may allow a privileged user to potentially enable information disclosure via local access. Affected products include: Intel Ac 3165 Firmware, Intel Ac 3168 Firmware, Intel Ac 7265 Firmware, Intel Ac 8260 Firmware, Intel Ac 8265 Firmware.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Validate array indices and buffer lengths. Use memory-safe languages. Enable AddressSanitizer during testing.

CVE-2021-0071 HIGH
8.8 Nov 17

Improper input validation in firmware for some Intel(R) PROSet/Wireless WiFi in UEFI may allow an unauthenticated user t

CVE-2021-0078 HIGH
8.1 Nov 17

Improper input validation in software for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi in Windows 10 may allow

CVE-2021-0151 HIGH
7.8 Nov 17

Improper access control in the installer for some Intel(R) Wireless Bluetooth(R) and Killer(TM) Bluetooth(R) products in

CVE-2021-0082 HIGH
7.8 Nov 17

Uncontrolled search path in software installer for Intel(R) PROSet/Wireless WiFi in Windows 10 may allow an authenticate

CVE-2021-0065 HIGH
7.8 Nov 17

Incorrect default permissions in the Intel(R) PROSet/Wireless WiFi software installer for Windows 10 before version 22.4

CVE-2021-0064 HIGH
7.8 Nov 17

Insecure inherited permissions in the Intel(R) PROSet/Wireless WiFi software installer for Windows 10 before version 22.

CVE-2020-0559 HIGH
7.8 Aug 13

Insecure inherited permissions in some Intel(R) PROSet/Wireless WiFi products on Windows* 7 and 8.1 before version 21.40

CVE-2020-0555 HIGH
7.8 Aug 13

Improper input validation for some Intel(R) Wireless Bluetooth(R) products may allow an authenticated user to potentiall

CVE-2020-0554 HIGH
7.0 Aug 13

Race condition in software installer for some Intel(R) Wireless Bluetooth(R) products on Windows* 7, 8.1 and 10 may allo

CVE-2021-0079 MEDIUM
6.5 Nov 17

Improper input validation in software for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi in Windows 10 may allow

CVE-2021-0069 MEDIUM
6.5 Nov 17

Improper input validation in firmware for some Intel(R) PROSet/Wireless WiFi in multiple operating systems and some Kill

CVE-2021-0063 MEDIUM
6.5 Nov 17

Improper input validation in firmware for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi in Windows 10 may allow

Share

CVE-2020-0553 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy