CVE-2021-0084 — Improper Input Validation in Intel Ethernet Controller E810 Firmware

CWE-20 — Improper Input Validation4 documents4 sources

Severity

7.8HIGHNVD

EPSS

0.1%

top 82.05%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Intel Ethernet Controller E810 Firmware Intel X722da2 Firmware Intel X722da4fh Firmware +1 more

Timeline

PublishedAug 11

Latest updateMay 24

Description

Improper input validation in the Intel(R) Ethernet Controllers X722 and 800 series Linux RMDA driver before version 1.3.19 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

▶NVDintel/x722da2_firmware< 1.3.19

▶NVDintel/x722da4fh_firmware< 1.3.19

▶NVDintel/x722da4g1p5_firmware< 1.3.19

▶NVDintel/ethernet_controller_e810_firmware< 1.4.11

🔴Vulnerability Details

GHSA

GHSA-3q3q-qxg4-v82q: Improper input validation in the Intel(R) Ethernet Controllers X722 and 800 series Linux RMDA driver before version 1↗2022-05-24

▶

CVEList

CVE-2021-0084: Improper input validation in the Intel(R) Ethernet Controllers X722 and 800 series Linux RMDA driver before version 1↗2021-08-11

▶

📋Vendor Advisories

Red Hat

kernel: Improper input validation in the Intel(R) Ethernet Controllers X722 and 800 series Linux RMDA driver↗2021-08-11

▶