Skip to main content

Ethernet Controller X710 Tm4 Firmware CVE-2019-0145

HIGH
Classic Buffer Overflow (CWE-120)
2019-11-14 secure@intel.com
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Nov 14, 2019 - 19:15 nvd
HIGH 7.8

DescriptionNVD

Buffer overflow in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable an escalation of privilege via local access.

AnalysisAI

Buffer overflow in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable an escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Technical ContextAI

This vulnerability is classified as Buffer Copy without Size Check (CWE-120), which allows attackers to overflow a buffer to corrupt adjacent memory. Buffer overflow in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable an escalation of privilege via local access. Affected products include: Intel Ethernet Controller X710-Tm4 Firmware, Intel Ethernet Controller X710-At2 Firmware, Intel Ethernet Controller Xxv710-Am2 Firmware, Intel Ethernet Controller Xxv710-Am1 Firmware, Intel Ethernet Controller X710-Bm2 Firmware. Version information: before 7.0.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Always validate buffer sizes before copy operations. Use bounded functions (strncpy, snprintf). Enable compiler protections.

CVE-2019-0140 HIGH
8.8 Nov 14

Buffer overflow in firmware for Intel(R) Ethernet 700 Series Controllers before version 7.0 may allow an unauthenticated

CVE-2019-0142 HIGH
8.2 Nov 14

Insufficient access control in ilp60x64.sys driver for Intel(R) Ethernet 700 Series Controllers before version 1.33.0.0

CVE-2021-0200 MEDIUM
6.7 Nov 17

Out-of-bounds write in the firmware for Intel(R) Ethernet 700 Series Controllers before version 8.2 may allow a privileg

CVE-2019-0139 MEDIUM
6.7 Nov 14

Insufficient access control in firmware for Intel(R) Ethernet 700 Series Controllers before version 7.0 may allow a priv

CVE-2019-0144 MEDIUM
6.5 Nov 14

Unhandled exception in firmware for Intel(R) Ethernet 700 Series Controllers before version 7.0 may allow an authenticat

CVE-2019-0149 MEDIUM
5.5 Nov 14

Insufficient input validation in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 2.8.43 may all

CVE-2019-0148 MEDIUM
5.5 Nov 14

Resource leak in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated

CVE-2019-0147 MEDIUM
5.5 Nov 14

Insufficient input validation in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow

CVE-2019-0146 MEDIUM
5.5 Nov 14

Resource leak in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 2.8.43 may allow an authentica

CVE-2019-0143 MEDIUM
5.5 Nov 14

Unhandled exception in Kernel-mode drivers for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an

CVE-2019-0150 MEDIUM
5.1 Nov 14

Insufficient access control in firmware Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow a privile

Share

CVE-2019-0145 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy