[Intel-wired-lan] Further information on CVE-2019-0145/CVE-2019-0146/CVE-2019-0147/CVE-2019-0148/CVE-2019-0149 for Linux?
Moritz Muehlenhoff
jmm at inutil.org
Thu Jul 16 20:39:02 UTC 2020
Hi,
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00255.html refers
to vulnerabilities in Intel Ethernet drivers and a few of them refer to the i40e driver
specifically:
CVEID: CVE-2019-0145
Description: Buffer overflow in i40e driver for Intel(R) Ethernet 700 Series Controllers
versions before 7.0 may allow an authenticated user to potentially enable an escalation
of privilege via local access.
CVEID: CVE-2019-0146
Description: Resource leak in i40e driver for Intel(R) Ethernet 700 Series Controllers
versions before 2.8.43 may allow an authenticated user to potentially enable a denial of
service via local access.
CVEID: CVE-2019-0147
Description: Insufficient input validation in i40e driver for Intel(R) Ethernet 700 Series
Controllers versions before 7.0 may allow an authenticated user to potentially enable a
denial of service via local access.
CVEID: CVE-2019-0148
Description: Resource leak in i40e driver for Intel(R) Ethernet 700 Series Controllers
versions before 7.0 may allow an authenticated use to potentially enable a denial of
service via local access.
CVEID: CVE-2019-0149
Description: Insufficient input validation in i40e driver for Intel(R) Ethernet 700
Series Controllers versions before 2.8.43 may allow an authenticated user to potentially
enable a denial of service via local access.
Is there any further information which commits fixed these and if so, were they submitted
to stable kernels? (The Debian kernels are based on 4.9.x and 4.19.x LTS kernels, so that
we can make sure these are addressed in stable/oldstable releases)
Cheers,
Moritz
More information about the Intel-wired-lan
mailing list