Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-0145

Buffer overflow in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable an escalation of privilege via local access.

Published

2019-11-14T19:15:12.207

Last Modified

2024-11-21T04:16:19.573

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.8 (HIGH)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

  • Access Vector: LOCAL
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE
Exploitability Score

3.9

Impact Score

10.0

Weaknesses
  • Type: Primary
    CWE-120
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System intel ethernet_controller_x710-tm4_firmware < 7.0 Yes
Hardware intel ethernet_controller_x710-tm4 - No
Operating System intel ethernet_controller_x710-at2_firmware < 7.0 Yes
Hardware intel ethernet_controller_x710-at2 - No
Operating System intel ethernet_controller_xxv710-am2_firmware < 7.0 Yes
Hardware intel ethernet_controller_xxv710-am2 - No
Operating System intel ethernet_controller_xxv710-am1_firmware < 7.0 Yes
Hardware intel ethernet_controller_xxv710-am1 - No
Operating System intel ethernet_controller_x710-bm2_firmware < 7.0 Yes
Hardware intel ethernet_controller_x710-bm2 - No
Operating System intel ethernet_controller_710-bm1_firmware < 7.0 Yes
Hardware intel ethernet_controller_710-bm1 - No
Application intel ethernet_700_series_software < 24.0 Yes
Operating System linux linux_kernel < 4.9.244 Yes
Operating System linux linux_kernel < 4.14.205 Yes
Operating System linux linux_kernel < 4.19.139 Yes
Operating System linux linux_kernel < 5.2 Yes
References