CVE-2022-21793 — Vmware I40en vulnerability

3 documents3 sources

Severity

5.5MEDIUMNVD

EPSS

0.0%

top 88.99%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Vmware I40en Vmware Ixgben

Timeline

PublishedAug 18

Latest updateAug 19

Description

Insufficient control flow management in the Intel(R) Ethernet 500 Series Controller drivers for VMWare before version 1.11.4.0 and in the Intel(R) Ethernet 700 Series Controller drivers for VMWare before version 2.1.5.0 may allow an authenticated user to potentially enable a denial of service via local access.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶NVDvmware/i40en< 2.1.5.0

▶NVDvmware/ixgben< 1.11.4.0

Patches

Patch: www.intel.com ↗Patch: www.intel.com ↗

🔴Vulnerability Details

GHSA

GHSA-83qg-x9mg-rj3j: Insufficient control flow management in the Intel(R) Ethernet 500 Series Controller drivers for VMWare before version 1↗2022-08-19

▶

CVEList

CVE-2022-21793: Insufficient control flow management in the Intel(R) Ethernet 500 Series Controller drivers for VMWare before version 1↗2022-08-18

▶