| Name | CVE-2024-25563 |
| Description | Improper initialization in firmware for some Intel(R) PROSet/Wireless Software and Intel(R) Killer(TM) Wi-Fi before version 23.40 may allow a privileged user to potentially enable information disclosure via local access. |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|---|---|---|
| firmware-nonfree (PTS) | bullseye/non-free | 20210315-3 | vulnerable |
| bookworm/non-free-firmware | 20230210-5 | vulnerable | |
| sid/non-free-firmware, trixie/non-free-firmware | 20240909-2 | fixed |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| firmware-nonfree | source | (unstable) | 20240610-1 |
[bookworm] - firmware-nonfree <ignored> (Minor issue; upstream commits not fully confirmed by Intel)
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01108.html
https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=0c0898b4e0a4c1a46ae01fb42bf39f1cb0dab770
https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=b3d445a98ebd6779d921a152349844c3e7b86bf8
https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=02ad85a367efdac04e2a33d4f287b689906cb2cd
https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=2986e19030e01d9032a62f488e610a210d30ce0b
https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=ded56705e80b1f5ad10650cd9196717ba71cbe17
https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=2f1461dd48dedd2f3704860e2c045625bbb43a3a
In referenced commits firmware get updated fo release version at last 23.40.0.2.