CVE-2022-36382

CWE-787 — Out-of-bounds Write3 documents3 sources

Severity

4.4MEDIUM

EPSS

0.1%

top 82.73%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Intel Ethernet Controller X710-am2 Firmware Intel Ethernet Controller X710-bm2 Firmware Intel Ethernet Controller Xl710-am1 Firmware +12 more

Timeline

PublishedFeb 16

Description

Out-of-bounds write in firmware for some Intel(R) Ethernet Network Controllers and Adapters E810 Series before version 1.7.0.8 and some Intel(R) Ethernet 700 Series Controllers and Adapters before version 9.101 may allow a privileged user to potentially enable denial of service via local access.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:HExploitability: 0.8 | Impact: 5.2

Affected Packages16 packages

▶CVEListV5intel(r)_ethernet_network_controllers_and_adapters_e810_series_and_some_intel(r)_ethernet_700_series_controllers_and_adaptersbefore version 1.7.0.8 and before version 9.101

▶NVDintel/ethernet_network_controller_e810-cam1_firmware< 1.7.0.8

▶NVDintel/ethernet_network_controller_e810-cam2_firmware< 1.7.0.8

▶NVDintel/ethernet_network_controller_e810-xxvam2_firmware< 1.7.0.8

▶NVDintel/ethernet_converged_network_adapter_x710-da2_firmware< 9.101

🔴Vulnerability Details

CVEList

CVE-2022-36382: Out-of-bounds write in firmware for some Intel(R) Ethernet Network Controllers and Adapters E810 Series before version 1↗2023-02-16

▶

GHSA

GHSA-3c52-h4x3-2jhm: Out-of-bounds write in firmware for some Intel(R) Ethernet Network Controllers and Adapters E810 Series before version 1↗2023-02-16

▶