(In reply to Thomas Backlund from comment #0)
> Security fixes atleast for Intel Bluetooth...
> I was expecing wifi firmwares too according to:
> https://www.intel.com/content/www/us/en/security-center/default.html
> 
> but nothing so far from Intel, not even in their iwlwifi firmware staging
> tree, so for now the changes are:
> 

Correction... the iwlwifi:
- add new FWs from core63-136 release

adds api 66 firmwares that is supported in 5.15 series kernels, so the fixes should be there...

5.15.23-desktop-1.mga8
Intel NUC, generation 10, x86_64.

Updated all the firmware though most of it probably is not relevant on this system.
harddrake2 identifies the Intel bluetooth hardware as Intel - Unknown, USB bus PCI 1, device 3 - Vendor id: 8087:0026 - module btusb.

Bluetooth audio working as before - immediate connection to portable speaker.

CC: (none) => tarazed25

(In reply to Len Lawrence from comment #2)
> 5.15.23-desktop-1.mga8
> Intel NUC, generation 10, x86_64.
> 
> Updated all the firmware though most of it probably is not relevant on this
> system.
> harddrake2 identifies the Intel bluetooth hardware as Intel - Unknown, USB
> bus PCI 1, device 3 - Vendor id: 8087:0026 - module btusb.
> 
> Bluetooth audio working as before - immediate connection to portable speaker.

On that theese should be relevant:

* iwlwifi-firmware:
  - add new FWs from core63-136 release
  - Update firmware file for Intel Bluetooth 9260, 9462, 9560,
    AX200, AX201, AX210, AX211

For iwlwifi:
dmesg|grep ucode

for bluetooth:
dmesg|grep "Firmware rev"

Whoops!

$ dmesg | grep ucode
[    3.429891] iwlwifi 0000:00:14.3: Direct firmware load for iwlwifi-QuZ-a0-hr-b0-64.ucode failed with error -2
[    3.434467] iwlwifi 0000:00:14.3: loaded firmware version 63.c04f3485.0 QuZ-a0-hr-b0-63.ucode op_mode iwlmvm

$ dmesg | grep "Firmware rev"
$

Thanks Thomas.

(In reply to Len Lawrence from comment #5)
> Whoops!
> 
> $ dmesg | grep ucode
> [    3.429891] iwlwifi 0000:00:14.3: Direct firmware load for
> iwlwifi-QuZ-a0-hr-b0-64.ucode failed with error -2
> [    3.434467] iwlwifi 0000:00:14.3: loaded firmware version 63.c04f3485.0
> QuZ-a0-hr-b0-63.ucode op_mode iwlmvm


Yeah, this is a fun "feature" of Iwlwifi firmware handling...
It tries to load every supported firmware starting from highest api (in this case "64" and when it does not find in it spits out "failed with error -2", and then  drops down to trying api 63 and finds it "loaded firmware version 63"

Here is how it looked on my system before this firmware update:
Direct firmware load for iwlwifi-Qu-c0-hr-b0-66.ucode failed with error -2
Direct firmware load for iwlwifi-Qu-c0-hr-b0-65.ucode failed with error -2
Direct firmware load for iwlwifi-Qu-c0-hr-b0-64.ucode failed with error -2
loaded firmware version 63.c04f3485.0 Qu-c0-hr-b0-63.ucode op_mode iwlmvm

with the update I now get a single:
loaded firmware version 66.f1c864e0.0 Qu-c0-hr-b0-66.ucode op_mode iwlmvm

:)

Dell netbook XPS13
Dual Core Intel Core i7-7500U
Intel HD Graphics 620 driver: i915 v: kernel
Qualcomm Atheros QCA6174 802.11ac - ath10k_pci

Updated the five packages - desktop still running smoothly.
$ dmesg | grep ucode
$ dmesg | grep firmware
[    0.134938] Spectre V2 : Enabling Restricted Speculation for firmware calls
[    2.959900] i915 0000:00:02.0: [drm] Finished loading DMC firmware i915/kbl_dmc_ver1_04.bin (v1.4)
[    5.637676] ath10k_pci 0000:3a:00.0: firmware ver WLAN.RM.4.4.1-00157-QCARMSWPZ-1 api 6 features wowlan,ignore-otp,mfp crc32 90eebefb

Broadcast to TV soundbar via bluetooth.

MGA8 Plasma, on an HP Probook 6550b. No installation issues.

Before the update:

$ dmesg | grep firmware
[    0.000481] Spectre V2 : Enabling Restricted Speculation for firmware calls
[    4.951650] xhci_hcd 0000:02:00.0: failed to load firmware renesas_usb_fw.mem, fallback to ROM
[    6.609096] iwlwifi 0000:43:00.0: Direct firmware load for iwlwifi-6000-6.ucode failed with error -2
[    6.609144] iwlwifi 0000:43:00.0: Direct firmware load for iwlwifi-6000-5.ucode failed with error -2
[    6.611807] iwlwifi 0000:43:00.0: loaded firmware version 9.221.4.1 build 25532 6000-4.ucode op_mode iwldvm

After the update, I see the same result. 

Wifi  is working. The Renesas device is an ExpressCard add-on to provide usb 3.0 ports. Despite the message that loading the firmware failed, those ports are working. 

This laptop does have Bluetooth capability, using a Broadcom 2070-based "HP Integrated Module," and uses the btusb driver. I have played with it once or twice, trying to communicate with an Android tablet, but was never successful. User error, I'm sure. Since dmesg doesn't show anything about firmware for it, I would assume this update doesn't affect it, anyway.

CC: (none) => andrewsfarm

MGA8-64 Plasma on Lenovo B50 in Dutch
No installation issues.
Rebooted and wifi is OK(Intel HW)
This lapatop has bluetooth and that worked OK for the recent bluez updates with a Samsung Galaxy.
Now I could make connection with the KDE System Settings, and in dolphin I see the phone, but i cann't initiate a file transfer (worked OK before).
Googeled  and found ref to Blueman, and that did it perfectly.

CC: (none) => herman.viaene

Dell Dimension e520, Core2Quad, Radeon HD 8570 graphics(amdgpu driver), rtl8192cu wifi dongle, MGA8-64 Plasma.

No installation issues. Rebooted, wifi still works, so does the display. All good here.

Advisory, added to svn:

type: security
subject: Updated nonfree firmware packages fix security vulnerabilities
CVE:
 - CVE-2021-0066
 - CVE-2021-0072
 - CVE-2021-0076
 - CVE-2021-0161
 - CVE-2021-0164
 - CVE-2021-0165
 - CVE-2021-0166
 - CVE-2021-0168
 - CVE-2021-0170
 - CVE-2021-0172
 - CVE-2021-0173
 - CVE-2021-0174
 - CVE-2021-0175
 - CVE-2021-0176
 - CVE-2021-33139
 - CVE-2021-33155
src:
  8:
   nonfree:
     - kernel-firmware-nonfree-20220209-1.mga8.nonfree
     - radeon-firmware-20220209-1.mga8.nonfree
description: |
  This update provides new and updated nonfree firmwares and fixes atleast
  the following security issues:

  Improper input validation in firmware for Intel(R) PROSet/Wireless Wi-Fi
  may allow an unauthenticated user to potentially enable escalation of
  privilege via local access (CVE-2021-0066 / SA-00539).

  Improper input validation in firmware for some Intel(R) PROSet/Wireless
  Wi-Fi may allow a privileged user to potentially enable information
  disclosure via local access (CVE-2021-0072 / SA-00539).

  Improper Validation of Specified Index, Position, or Offset in Input in
  firmware for some Intel(R) PROSet/Wireless Wi-Fi may allow a privileged
  user to potentially enable denial of service via local access
  (CVE-2021-0076 / SA-00539).

  Improper input validation in firmware for Intel(R) PROSet/Wireless Wi-Fi
  may allow a privileged user to potentially enable escalation of privilege
  via local access (CVE-2021-0161, CVE-2021-0168 / SA-00539).

  Improper access control in firmware for Intel(R) PROSet/Wireless Wi-Fi may
  allow an unauthenticated user to potentially enable escalation of privilege
  via local access (CVE-2021-0164 / SA-00539).

  Improper input validation in firmware for Intel(R) PROSet/Wireless Wi-Fi
  may allow an unauthenticated user to potentially enable denial of service
  via adjacent access (CVE-2021-0165 / SA-00539).

  Exposure of Sensitive Information to an Unauthorized Actor in firmware for
  some Intel(R) PROSet/Wireless Wi-Fi may allow a privileged user to potentially
  enable escalation of privilege via local access (CVE-2021-0166 / SA-00539).

  Exposure of Sensitive Information to an Unauthorized Actor in firmware for
  some Intel(R) PROSet/Wireless Wi-Fi may allow an authenticated user to
  potentially enable information disclosure via local access
  (CVE-2021-0170 / SA-00539).

  Improper input validation in firmware for some Intel(R) PROSet/Wireless Wi-Fi
  may allow an unauthenticated user to potentially enable denial of service via
  adjacent access (CVE-2021-0172 / SA-00539).

  Improper Validation of Consistency within input in firmware for some Intel(R)
  PROSet/Wireless Wi-Fi may allow a unauthenticated user to potentially enable
  denial of service via adjacent access (CVE-2021-0173 / SA-00539).

  Improper Use of Validation Framework in firmware for some Intel(R) PROSet/
  Wireless Wi-Fi may allow a unauthenticated user to potentially enable denial
  of service via adjacent access (CVE-2021-0174 / SA-00539).

  Improper Validation of Specified Index, Position, or Offset in Input in
  firmware for some Intel(R) PROSet/Wireless Wi-Fi may allow an unauthenticated
  user to potentially enable denial of service via adjacent access
  (CVE-2021-0175 / SA-00539).

  Improper input validation in firmware for some Intel(R) PROSet/Wireless Wi-Fi
  may allow a privileged user to potentially enable denial of service via local
  access (CVE-2021-0176 / SA-00539).

  Improper conditions check in firmware for some Intel(R) Wireless Bluetooth(R)
  products may allow an authenticated user to potentially enable denial of service
  via adjacent access (CVE-2021-33139 / SA-00604).

  Improper input validation in firmware for some Intel(R) Wireless Bluetooth(R)
  products may allow an authenticated user to potentially enable denial of service
  via adjacent access (CVE-2021-33155 / SA-00604).

  Full list of firmware changes/updates:
  * kernel-firmware-nonfree:
    - cnm: add chips&media wave521c firmware
    - cxgb4: Update firmware to revision 1.26.6.0
    - i915: Add DMC firmware v2.16 for ADL-P
    - marvell: add CPT firmware images
    - mediatek: add firmware for MT7916
    - mediatek: update firmware for MT7915
    - mediatek: update firmware for MT7921 bluetooth chip
    - mediatek: update firmware for MT7921 WiFi device
    - mediatek: Update MT8173 VPU firmware to v1.1.7
    - Mellanox: Add new mlxsw_spectrum firmware xx.2010.1232
    - QCA: Add Bluetooth nvm file for WCN685x
    - QCA: Update Bluetooth WCN685x 2.0 firmware to 2.0.0-00609
    - QCA: Update Bluetooth WCN685x 2.1 firmware to 2.1.0-00324
    - WHENCE: add missing symlink for NanoPi R1

  * iwlwifi-firmware:
    - add new FWs from core63-136 release
    - add new FWs from core66-88 release
    - update 9000-family firmwares to core66-88
    - Update firmware file for Intel Bluetooth 9260, 9462, 9560,
      AX200, AX201, AX210, AX211

  * radeon-firmware:
    - amdgpu: update yellow carp dmcub firmware

  * rtlwifi-firmware:
    - rtw88: 8822c: Update normal firmware to v9.9.11
references:
 - https://bugs.mageia.org/show_bug.cgi?id=30038
 - https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html
 - https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00604.html

Keywords: (none) => advisory

sending it along so it gets installed with the new kernel

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
Whiteboard: (none) => MGA8-64-OK

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2022-0065.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

This went through quicker than I thought :)
Reporting in short

64 bit OK - No regressions noted on 4 systems user more or less hours
Tested together: kernel-desktop, mesa, microcode, nonfree firmwares


§ Workstation "svarten": plasma, nvidia-current, ...
Details: https://bugs.mageia.org/show_bug.cgi?id=30030#c18


§ Virtual box guest mga 8, details noted in same kernel bug comment.


§ Laptop Asus A717, Plasma
i5-7300HQ, integrated HD Graphics 630, using "Intel 810 and later" (GPU 2 not configured), wifi Atheros QCA6174 using ath10k_pci


§ Laptop Thinkpad T510, Plasma
GPU i5-M540, 4 core
GPU: GT218M[NVS 3100M] using NVIDIA GeForce 8100 to GeForce 415
wifi: Centrino Advanced N 6200, using iwlwifi


§ Laptop Dell Dimension M63000, Plasma
CPU: Core2 Duo T7500
GPU: G84GLM [Quadro FX 1600M] using NVIDIA GeForce 8100 to GeForce 415
wifi: PRO/Wireless 3945ABG using iwl3945

CC: (none) => fri