CVE-2019-0149

CWE-20 — Improper Input Validation5 documents5 sources

Severity

5.5MEDIUM

EPSS

0.1%

top 64.95%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Intel Ethernet 700 Series Software Intel Ethernet Controller 710-bm1 Firmware Intel Ethernet Controller X710-at2 Firmware +4 more

Timeline

PublishedNov 14

Latest updateMay 24

Description

Insufficient input validation in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 2.8.43 may allow an authenticated user to potentially enable a denial of service via local access.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages9 packages

▶CVEListV52019.2_ipu_–_intel(r)_ethernet_700_series_controllersSee provided reference

▶NVDintel/ethernet_700_series_software< 24.0

▶NVDintel/ethernet_controller_710-bm1_firmware< 2.8.43

▶NVDintel/ethernet_controller_x710-at2_firmware< 2.8.43

▶NVDintel/ethernet_controller_x710-bm2_firmware< 2.8.43

Patches

Patch: www.intel.com ↗Patch: www.intel.com ↗

🔴Vulnerability Details

GHSA

GHSA-rfmx-33qg-6pj7: Insufficient input validation in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 2↗2022-05-24

▶

OSV

CVE-2019-0149: Insufficient input validation in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 2↗2019-11-14

▶

CVEList

CVE-2019-0149: Insufficient input validation in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 2↗2019-11-14

▶

📋Vendor Advisories

Debian

CVE-2019-0149: linux - Insufficient input validation in i40e driver for Intel(R) Ethernet 700 Series Co...↗2019

▶