USN-3505-1
- Source
- https://ubuntu.com/security/notices/USN-3505-1
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-3505-1.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/USN-3505-1
- Upstream
- Related
- Published
- 2017-12-06T06:58:33.513909Z
- Modified
- 2025-10-13T04:34:33Z
- Summary
- linux-firmware vulnerabilities
- Details
-
Mathy Vanhoef discovered that the firmware for several Intel WLAN devices incorrectly handled WPA2 in relation to Wake on WLAN. A remote attacker could use this issue with key reinstallation attacks to obtain sensitive information. (CVE-2017-13080, CVE-2017-13081)
- References
Affected packages
Ubuntu:14.04:LTS / linux-firmware
Package
- Name
- linux-firmware
- Purl
- pkg:deb/ubuntu/linux-firmware@1.127.24?arch=source&distro=trusty
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.127.24
Affected versions
1.*
1.116
1.117
1.118
1.119
1.121
1.122
1.123
1.124
1.125
1.126
1.127
1.127.2
1.127.3
1.127.4
1.127.5
1.127.6
1.127.7
1.127.8
1.127.10
1.127.11
1.127.12
1.127.13
1.127.14
1.127.15
1.127.16
1.127.18
1.127.19
1.127.20
1.127.22
1.127.23
Ecosystem specific
{
"binaries": [
{
"binary_name": "linux-firmware",
"binary_version": "1.127.24"
},
{
"binary_name": "nic-firmware",
"binary_version": "1.127.24"
},
{
"binary_name": "scsi-firmware",
"binary_version": "1.127.24"
}
],
"availability": "No subscription required"
}
Database specific
cves_map
{
"ecosystem": "Ubuntu:14.04:LTS",
"cves": [
{
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"
},
{
"type": "Ubuntu",
"score": "high"
}
],
"id": "CVE-2017-13080"
},
{
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"
},
{
"type": "Ubuntu",
"score": "high"
}
],
"id": "CVE-2017-13081"
}
]
}
Ubuntu:16.04:LTS / linux-firmware
Package
- Name
- linux-firmware
- Purl
- pkg:deb/ubuntu/linux-firmware@1.157.14?arch=source&distro=xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.157.14
Affected versions
1.*
1.149
1.150
1.152
1.153
1.154
1.155
1.156
1.157
1.157.1
1.157.2
1.157.3
1.157.4
1.157.5
1.157.6
1.157.8
1.157.10
1.157.11
1.157.12
1.157.13
Ecosystem specific
{
"binaries": [
{
"binary_name": "linux-firmware",
"binary_version": "1.157.14"
},
{
"binary_name": "nic-firmware",
"binary_version": "1.157.14"
},
{
"binary_name": "scsi-firmware",
"binary_version": "1.157.14"
}
],
"availability": "No subscription required"
}
Database specific
cves_map
{
"ecosystem": "Ubuntu:16.04:LTS",
"cves": [
{
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"
},
{
"type": "Ubuntu",
"score": "high"
}
],
"id": "CVE-2017-13080"
},
{
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"
},
{
"type": "Ubuntu",
"score": "high"
}
],
"id": "CVE-2017-13081"
}
]
}