Issued:: 2024-07-16
Updated:: 2024-07-16

RHSA-2024:4575 - Security Advisory

Overview
Updated Packages

Synopsis

Important: linux-firmware security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for linux-firmware is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The linux-firmware packages contain all of the firmware files that are required by various devices to operate.

Security Fix(es):

hw: intel: Improper access control for some Intel(R) PROSet/Wireless WiFi (CVE-2022-27635)
hw: intel: Improper access control for some Intel(R) PROSet/Wireless WiFi (CVE-2022-40964)
hw: intel: Protection mechanism failure for some Intel(R) PROSet/Wireless WiFi (CVE-2022-46329)
hw: amd: INVD instruction may lead to a loss of SEV-ES guest machine memory integrity problem (CVE-2023-20592)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux Server - AUS 8.2 x86_64

Fixes

BZ - 2238960 - CVE-2022-27635 hw: intel: Improper access control for some Intel(R) PROSet/Wireless WiFi
BZ - 2238961 - CVE-2022-46329 hw: intel: Protection mechanism failure for some Intel(R) PROSet/Wireless WiFi
BZ - 2238962 - CVE-2022-40964 hw: intel: Improper access control for some Intel(R) PROSet/Wireless WiFi
BZ - 2244590 - CVE-2023-20592 hw: amd: INVD instruction may lead to a loss of SEV-ES guest machine memory integrity problem

CVEs

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server - AUS 8.2

SRPM
linux-firmware-20240419-102.git055dfa8e.el8_2.src.rpm	SHA-256: b93107d8a2d09e8276dda9d356d61d37efe04955fbd9a9fd73a4d59f522b24a8
x86_64
iwl100-firmware-39.31.5.1-102.el8_2.1.noarch.rpm	SHA-256: a442868245ca6d02ae1ed5bbd67bc37b0d32642c882e1c1e62f4ec3b91d19ad8
iwl1000-firmware-39.31.5.1-102.el8_2.1.noarch.rpm	SHA-256: c02913bb7ff9cdfbe8750fb0cc87532567cc17eb6af4d7cb3f60d5e79f5b0989
iwl105-firmware-18.168.6.1-102.el8_2.1.noarch.rpm	SHA-256: 8d67e3c77a1d6b335c7a299183df3e5c7e30f42e2d12b07ddd672ade116e449e
iwl135-firmware-18.168.6.1-102.el8_2.1.noarch.rpm	SHA-256: f72d2556fca3a914b8485ce46154e8a1f05f08bd62be3f395ee7891de55f26b6
iwl2000-firmware-18.168.6.1-102.el8_2.1.noarch.rpm	SHA-256: 9e1017797fe0e1f4b5c938d72dae65a54ca516ded2e658ffcf920bbc57a127d9
iwl2030-firmware-18.168.6.1-102.el8_2.1.noarch.rpm	SHA-256: bfcacb19079330d9cb7bb3736d449a2ff59b459ee1f4bd9e1b3ed29dfcb459a8
iwl3160-firmware-25.30.13.0-102.el8_2.1.noarch.rpm	SHA-256: 1b66bd408d9d0ad5a98e9c22a4345df2736c5b65ff83568c2b1d4e7de9ac504b
iwl3945-firmware-15.32.2.9-102.el8_2.1.noarch.rpm	SHA-256: 1e48abc5d2911dd4b422c5b7ec6cecc87f316d99ecd5edfa7e8649b3909e4de4
iwl4965-firmware-228.61.2.24-102.el8_2.1.noarch.rpm	SHA-256: fe2785fe610f1d5ff5eb9de6c37ff907ef87361e3942a3c9faffa85b4ddc695b
iwl5000-firmware-8.83.5.1_1-102.el8_2.1.noarch.rpm	SHA-256: cb26c081234566819c89686656c098010a211bb8ece4b6f586d41e41e425ea4a
iwl5150-firmware-8.24.2.2-102.el8_2.1.noarch.rpm	SHA-256: 1e21f495b7dc45cd283f1958b9ad4eb3adedcfd869b9d1023f1201ac49af94c4
iwl6000-firmware-9.221.4.1-102.el8_2.1.noarch.rpm	SHA-256: a3cb89a6db9ec3604dd1fc99592b7759b8cd8b557083b7ed9b692d56cb9a5b00
iwl6000g2a-firmware-18.168.6.1-102.el8_2.1.noarch.rpm	SHA-256: 0148a345413b6f6e186edb162455372e326e353867ba856b168301a9b76027d4
iwl6000g2b-firmware-18.168.6.1-102.el8_2.1.noarch.rpm	SHA-256: 4eee2d3015df238c69d65c76103129604e2224720e11199f2829600189df8951
iwl6050-firmware-41.28.5.1-102.el8_2.1.noarch.rpm	SHA-256: c48c11830a545bbd433f3600fe287b10d53346602330c8739d6e9cf65859f155
iwl7260-firmware-25.30.13.0-102.el8_2.1.noarch.rpm	SHA-256: ca5b8ffa9b1d8c5c5bc12dd1b72dce5fe3ae488d129c44d827d3a7e4e623f3dd
libertas-sd8686-firmware-20240419-102.git055dfa8e.el8_2.noarch.rpm	SHA-256: d8693a9cde629cff4c821418c1e2bb48c95a609f03fc775c9bf2c7cbe4d5ee12
libertas-sd8787-firmware-20240419-102.git055dfa8e.el8_2.noarch.rpm	SHA-256: 5f82fdfd52d5734077eb924cca077c4c1d024fc9eaa7061f01f7b040ee52b6ce
libertas-usb8388-firmware-20240419-102.git055dfa8e.el8_2.noarch.rpm	SHA-256: 475e8c705976c38227acb85942c07786536457bc402c9e00d3a0ba2a4b9588ab
libertas-usb8388-olpc-firmware-20240419-102.git055dfa8e.el8_2.noarch.rpm	SHA-256: 83006bdbe6dbae3b7036f9e021a9f670ef69c87dc50ef7369dfe6c4e694be0ab
linux-firmware-20240419-102.git055dfa8e.el8_2.noarch.rpm	SHA-256: 78e68819505ce52683a50894eef1db42bd90f9dfbb8ee2972be18ee4ea5d652e

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation