Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2019-0148 (GCVE-0-2019-0148)
Vulnerability from cvelistv5
Published
2019-11-14 18:23
Modified
2024-08-04 17:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Denial of Service
Summary
Resource leak in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable a denial of service via local access.
References
| URL | Tags | ||
|---|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | 2019.2 IPU – Intel(R) Ethernet 700 Series Controllers |
Version: See provided reference |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:44:14.799Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00255.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "2019.2 IPU \u2013 Intel(R) Ethernet 700 Series Controllers",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "See provided reference"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Resource leak in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable a denial of service via local access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-14T18:23:44",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00255.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"ID": "CVE-2019-0148",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "2019.2 IPU \u2013 Intel(R) Ethernet 700 Series Controllers",
"version": {
"version_data": [
{
"version_value": "See provided reference"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Resource leak in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable a denial of service via local access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00255.html",
"refsource": "MISC",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00255.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2019-0148",
"datePublished": "2019-11-14T18:23:44",
"dateReserved": "2018-11-13T00:00:00",
"dateUpdated": "2024-08-04T17:44:14.799Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2019-0148\",\"sourceIdentifier\":\"secure@intel.com\",\"published\":\"2019-11-14T19:15:12.457\",\"lastModified\":\"2024-11-21T04:16:19.973\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Resource leak in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable a denial of service via local access.\"},{\"lang\":\"es\",\"value\":\"Un perdida de recursos en el controlador i40e para Intel\u00ae Ethernet 700 Series Controllers versiones anteriores a la versi\u00f3n 7.0 puede habilitar a un usuario autenticado para permitir potencialmente una denegaci\u00f3n de servicio por medio de un acceso local.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":2.1,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":3.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-772\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:ethernet_controller_x710-tm4_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.0\",\"matchCriteriaId\":\"26B90A01-0B80-4DB6-90A7-1791DA120901\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:ethernet_controller_x710-tm4:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"41EEFF5E-3C88-43B3-9894-1B0C73DBA06A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:ethernet_controller_x710-at2_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.0\",\"matchCriteriaId\":\"42313648-4318-441E-B1B9-099A4D49FFDF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:ethernet_controller_x710-at2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8225E56D-74F1-43FC-8696-2F326A264704\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:ethernet_controller_xxv710-am2_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.0\",\"matchCriteriaId\":\"F129E674-BCF6-480A-BBB3-44563A6B31B3\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:ethernet_controller_xxv710-am2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C6D2A9E-EE3D-4DEC-948E-58416CD32477\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:ethernet_controller_xxv710-am1_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.0\",\"matchCriteriaId\":\"CCA908C6-B34A-4056-9204-39FF4FC53866\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:ethernet_controller_xxv710-am1:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DA1817F4-978B-4F88-831F-C6259CE20E83\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:ethernet_controller_x710-bm2_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.0\",\"matchCriteriaId\":\"8A2B04C6-5D1A-4D41-AB7A-3263ED8B015B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:ethernet_controller_x710-bm2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"91940C69-80BB-43F8-81B5-92AAFCF59CE1\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:ethernet_controller_710-bm1_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.0\",\"matchCriteriaId\":\"2D2B96E9-DD07-449B-A309-B3B0B4574369\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:intel:ethernet_controller_710-bm1:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE34AA9F-CBD1-423B-A457-5FB79081540F\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:intel:ethernet_700_series_software:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"24.0\",\"matchCriteriaId\":\"BBE4DA9C-61F5-48CF-A995-CD6F48CD4E6B\"}]}]}],\"references\":[{\"url\":\"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00255.html\",\"source\":\"secure@intel.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00255.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}"
}
}
CERTFR-2021-AVI-006
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans le noyau Linux d'Ubuntu. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Ubuntu 16.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 20.10",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 18.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 20.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 14.04 ESM",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-28974",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28974"
},
{
"name": "CVE-2020-27777",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27777"
},
{
"name": "CVE-2020-4788",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-4788"
},
{
"name": "CVE-2020-25704",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25704"
},
{
"name": "CVE-2020-12912",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12912"
},
{
"name": "CVE-2020-25705",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25705"
},
{
"name": "CVE-2020-25656",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25656"
},
{
"name": "CVE-2019-19770",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19770"
},
{
"name": "CVE-2020-25668",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25668"
},
{
"name": "CVE-2020-10135",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10135"
},
{
"name": "CVE-2019-0148",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0148"
},
{
"name": "CVE-2020-29534",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29534"
},
{
"name": "CVE-2020-27675",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27675"
},
{
"name": "CVE-2020-0423",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0423"
}
],
"initial_release_date": "2021-01-06T00:00:00",
"last_revision_date": "2021-01-06T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-006",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-01-06T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux\nd\u0027Ubuntu. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire, un d\u00e9ni de service et un contournement\nde la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux d\u0027Ubuntu",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-4678-1 du 6 janvier 2021",
"url": "https://ubuntu.com/security/notices/USN-4678-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-4679-1 du 6 janvier 2021",
"url": "https://ubuntu.com/security/notices/USN-4679-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-4681-1 du 6 janvier 2021",
"url": "https://ubuntu.com/security/notices/USN-4681-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-4680-1 du 6 janvier 2021",
"url": "https://ubuntu.com/security/notices/USN-4680-1"
}
]
}
CERTFR-2019-AVI-563
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les microgiciels Intel. Elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Intel | N/A | Intel PTT versions antérieures à 11.8.65, 11.11.65, 11.22.65, 12.0.35, 13.0.1201 et 14.0.10 | ||
| Intel | N/A | Intel SPS versions SPS_SoC-X_x antérieures à SPS_SoC-X_04.00.04.086.0 | ||
| Intel | N/A | Intel CSME, Intel AMT, Intel DAL et Intel DAL versions 11.2x antérieures à 11.22.70 | ||
| Intel | N/A | Les processeurs Intel, voir le site du constructeur pour les modèles vulnérables (cf. section documentation) | ||
| Intel | N/A | Intel CSME, Intel AMT, Intel DAL et Intel DAL versions 13.x antérieures à 13.0.10 | ||
| Intel | N/A | Intel CSME, Intel AMT, Intel DAL et Intel DAL versions 12.0.x antérieures à 12.0.45 | ||
| Intel | N/A | Intel CSME, Intel AMT, Intel DAL et Intel DAL versions antérieures à 11.8.70 | ||
| Intel | N/A | Intel SPS versions SPS_E5_x antérieures à SPS_E5_04.00.04.381.0 | ||
| Intel | N/A | Intel SPS versions SPS_E3_x antérieures à SPS_E3_04.01.04.054.0 | ||
| Intel | N/A | Intel SPS versions SPS_SoC-A_x antérieures à SPS_SoC-A_04.00.04.181.0 | ||
| Intel | N/A | Le microgiciel des contrôleurs Ethernet Intel séries 700 versions antérieures à 7.0 | ||
| Intel | N/A | Intel Baseboard Management Controller (BMC), voir le site du constructeur pour les modèles vulnérables (cf. section documentation) | ||
| Intel | N/A | Le logiciel pour contrôleurs Ethernet Intel séries 700 versions antérieure à 24.0 | ||
| Intel | N/A | Intel TXE versions 3.0.x et 3.1.x antérieures à 3.1.70 | ||
| Intel | N/A | Intel CSME, Intel AMT, Intel DAL et Intel DAL versions 11.10.x et 11.11.x antérieures à 11.11.70 | ||
| Intel | N/A | Intel CSME, Intel AMT, Intel DAL et Intel DAL versions 14.x antérieures à 14.0.10 | ||
| Intel | N/A | Intel TXE versions 4.0.x antérieures à 4.0.20 |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Intel PTT versions ant\u00e9rieures \u00e0 11.8.65, 11.11.65, 11.22.65, 12.0.35, 13.0.1201 et 14.0.10",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel SPS versions SPS_SoC-X_x ant\u00e9rieures \u00e0 SPS_SoC-X_04.00.04.086.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel CSME, Intel AMT, Intel DAL et Intel DAL versions 11.2x ant\u00e9rieures \u00e0 11.22.70",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Les processeurs Intel, voir le site du constructeur pour les mod\u00e8les vuln\u00e9rables (cf. section documentation)",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel CSME, Intel AMT, Intel DAL et Intel DAL versions 13.x ant\u00e9rieures \u00e0 13.0.10",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel CSME, Intel AMT, Intel DAL et Intel DAL versions 12.0.x ant\u00e9rieures \u00e0 12.0.45",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel CSME, Intel AMT, Intel DAL et Intel DAL versions ant\u00e9rieures \u00e0 11.8.70",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel SPS versions SPS_E5_x ant\u00e9rieures \u00e0 SPS_E5_04.00.04.381.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel SPS versions SPS_E3_x ant\u00e9rieures \u00e0 SPS_E3_04.01.04.054.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel SPS versions SPS_SoC-A_x ant\u00e9rieures \u00e0 SPS_SoC-A_04.00.04.181.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Le microgiciel des contr\u00f4leurs Ethernet Intel s\u00e9ries 700 versions ant\u00e9rieures \u00e0 7.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Baseboard Management Controller (BMC), voir le site du constructeur pour les mod\u00e8les vuln\u00e9rables (cf. section documentation)",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Le logiciel pour contr\u00f4leurs Ethernet Intel s\u00e9ries 700 versions ant\u00e9rieure \u00e0 24.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel TXE versions 3.0.x et 3.1.x ant\u00e9rieures \u00e0 3.1.70",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel CSME, Intel AMT, Intel DAL et Intel DAL versions 11.10.x et 11.11.x ant\u00e9rieures \u00e0 11.11.70",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel CSME, Intel AMT, Intel DAL et Intel DAL versions 14.x ant\u00e9rieures \u00e0 14.0.10",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel TXE versions 4.0.x ant\u00e9rieures \u00e0 4.0.20",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-0143",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0143"
},
{
"name": "CVE-2019-11179",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11179"
},
{
"name": "CVE-2019-11139",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11139"
},
{
"name": "CVE-2019-0150",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0150"
},
{
"name": "CVE-2019-0152",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0152"
},
{
"name": "CVE-2019-0169",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0169"
},
{
"name": "CVE-2019-11097",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11097"
},
{
"name": "CVE-2019-0117",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0117"
},
{
"name": "CVE-2019-11170",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11170"
},
{
"name": "CVE-2019-11132",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11132"
},
{
"name": "CVE-2019-11086",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11086"
},
{
"name": "CVE-2019-11137",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11137"
},
{
"name": "CVE-2019-0154",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0154"
},
{
"name": "CVE-2019-11106",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11106"
},
{
"name": "CVE-2019-11175",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11175"
},
{
"name": "CVE-2019-0139",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0139"
},
{
"name": "CVE-2019-0140",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0140"
},
{
"name": "CVE-2019-11172",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11172"
},
{
"name": "CVE-2019-11177",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11177"
},
{
"name": "CVE-2019-11135",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11135"
},
{
"name": "CVE-2019-0168",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0168"
},
{
"name": "CVE-2019-11103",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11103"
},
{
"name": "CVE-2019-11107",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11107"
},
{
"name": "CVE-2019-0141",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0141"
},
{
"name": "CVE-2019-11136",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11136"
},
{
"name": "CVE-2019-0149",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0149"
},
{
"name": "CVE-2019-11181",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11181"
},
{
"name": "CVE-2019-11110",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11110"
},
{
"name": "CVE-2019-0144",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0144"
},
{
"name": "CVE-2019-11173",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11173"
},
{
"name": "CVE-2019-11182",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11182"
},
{
"name": "CVE-2019-11102",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11102"
},
{
"name": "CVE-2019-11088",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11088"
},
{
"name": "CVE-2019-11105",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11105"
},
{
"name": "CVE-2019-0124",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0124"
},
{
"name": "CVE-2019-0151",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0151"
},
{
"name": "CVE-2019-11168",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11168"
},
{
"name": "CVE-2019-11101",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11101"
},
{
"name": "CVE-2019-11171",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11171"
},
{
"name": "CVE-2018-12207",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12207"
},
{
"name": "CVE-2019-0142",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0142"
},
{
"name": "CVE-2019-11131",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11131"
},
{
"name": "CVE-2019-0146",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0146"
},
{
"name": "CVE-2019-11090",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11090"
},
{
"name": "CVE-2019-0131",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0131"
},
{
"name": "CVE-2019-11109",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11109"
},
{
"name": "CVE-2019-11178",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11178"
},
{
"name": "CVE-2019-0166",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0166"
},
{
"name": "CVE-2019-0184",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0184"
},
{
"name": "CVE-2019-0123",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0123"
},
{
"name": "CVE-2019-11180",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11180"
},
{
"name": "CVE-2019-11104",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11104"
},
{
"name": "CVE-2019-0148",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0148"
},
{
"name": "CVE-2019-11087",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11087"
},
{
"name": "CVE-2019-11174",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11174"
},
{
"name": "CVE-2019-0145",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0145"
},
{
"name": "CVE-2019-11108",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11108"
},
{
"name": "CVE-2019-0147",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0147"
},
{
"name": "CVE-2019-11100",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11100"
},
{
"name": "CVE-2019-0165",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0165"
},
{
"name": "CVE-2019-11147",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11147"
}
],
"initial_release_date": "2019-11-13T00:00:00",
"last_revision_date": "2019-11-13T00:00:00",
"links": [],
"reference": "CERTFR-2019-AVI-563",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-11-13T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les microgiciels\nIntel. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0\ndistance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une \u00e9l\u00e9vation\nde privil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les microgiciels Intel",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00313 du 12 novembre 2019",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00313.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00219 du 12 novembre 2019",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00219.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00270 du 12 novembre 2019",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00270.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00210 du 12 novembre 2019",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00210.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00240 du 12 novembre 2019",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00240.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00255 du 12 novembre 2019",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00255.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00271 du 12 novembre 2019",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00271.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00260 du 12 novembre 2019",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00260.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00280 du 12 novembre 2019",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00280.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00164 du 12 novembre 2019",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00164.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00241 du 12 novembre 2019",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00220 du 12 novembre 2019",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00220.html"
}
]
}
cnvd-2019-41459
Vulnerability from cnvd
Title
Intel Ethernet 700 Series Controllers资源泄漏漏洞
Description
Intel Ethernet 700 Series Controllers是Intel(英特尔)公司推出的网络适配器产品。
Intel Ethernet 700 Series Controllers 7.0之前版本存在资源泄漏漏洞。攻击者可利用该漏洞导致拒绝服务。
Severity
低
VLAI Severity ?
Patch Name
Intel Ethernet 700 Series Controllers资源泄漏漏洞的补丁
Patch Description
Intel Ethernet 700 Series Controllers是Intel(英特尔)公司推出的网络适配器产品。
Intel Ethernet 700 Series Controllers 7.0之前版本存在资源泄漏漏洞。攻击者可利用该漏洞导致拒绝服务。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
厂商已发布了漏洞修复程序,请及时关注更新: https://downloadcenter.intel.com/product/46828/700-Series-Network-Adapters-up-to-40GbE-
Reference
https://nvd.nist.gov/vuln/detail/CVE-2019-0148
Impacted products
| Name | Intel 以太网700系列控制器 <7.0 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2019-0148",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2019-0148"
}
},
"description": "Intel Ethernet 700 Series Controllers\u662fIntel\uff08\u82f1\u7279\u5c14\uff09\u516c\u53f8\u63a8\u51fa\u7684\u7f51\u7edc\u9002\u914d\u5668\u4ea7\u54c1\u3002\n\nIntel Ethernet 700 Series Controllers 7.0\u4e4b\u524d\u7248\u672c\u5b58\u5728\u8d44\u6e90\u6cc4\u6f0f\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u3002",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://downloadcenter.intel.com/product/46828/700-Series-Network-Adapters-up-to-40GbE-",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2019-41459",
"openTime": "2019-11-20",
"patchDescription": "Intel Ethernet 700 Series Controllers\u662fIntel\uff08\u82f1\u7279\u5c14\uff09\u516c\u53f8\u63a8\u51fa\u7684\u7f51\u7edc\u9002\u914d\u5668\u4ea7\u54c1\u3002\r\n\r\nIntel Ethernet 700 Series Controllers 7.0\u4e4b\u524d\u7248\u672c\u5b58\u5728\u8d44\u6e90\u6cc4\u6f0f\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Intel Ethernet 700 Series Controllers\u8d44\u6e90\u6cc4\u6f0f\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "Intel \u4ee5\u592a\u7f51700\u7cfb\u5217\u63a7\u5236\u5668 \u003c7.0"
},
"referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2019-0148",
"serverity": "\u4f4e",
"submitTime": "2019-11-15",
"title": "Intel Ethernet 700 Series Controllers\u8d44\u6e90\u6cc4\u6f0f\u6f0f\u6d1e"
}
gsd-2019-0148
Vulnerability from gsd
Modified
2023-12-13 01:23
Details
Resource leak in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable a denial of service via local access.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2019-0148",
"description": "Resource leak in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable a denial of service via local access.",
"id": "GSD-2019-0148",
"references": [
"https://ubuntu.com/security/CVE-2019-0148"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2019-0148"
],
"details": "Resource leak in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable a denial of service via local access.",
"id": "GSD-2019-0148",
"modified": "2023-12-13T01:23:40.236917Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"ID": "CVE-2019-0148",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "2019.2 IPU \u2013 Intel(R) Ethernet 700 Series Controllers",
"version": {
"version_data": [
{
"version_value": "See provided reference"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Resource leak in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable a denial of service via local access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00255.html",
"refsource": "MISC",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00255.html"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:intel:ethernet_controller_x710-tm4_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "7.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:intel:ethernet_controller_x710-tm4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:intel:ethernet_controller_x710-at2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "7.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:intel:ethernet_controller_x710-at2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:intel:ethernet_controller_xxv710-am2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "7.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:intel:ethernet_controller_xxv710-am2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:intel:ethernet_controller_xxv710-am1_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "7.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:intel:ethernet_controller_xxv710-am1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:intel:ethernet_controller_x710-bm2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "7.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:intel:ethernet_controller_x710-bm2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:intel:ethernet_controller_710-bm1_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "7.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:intel:ethernet_controller_710-bm1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:intel:ethernet_700_series_software:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "24.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"ID": "CVE-2019-0148"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Resource leak in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable a denial of service via local access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-772"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00255.html",
"refsource": "MISC",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00255.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
},
"lastModifiedDate": "2021-05-03T17:35Z",
"publishedDate": "2019-11-14T19:15Z"
}
}
}
ghsa-w9cg-q4rq-7r4j
Vulnerability from github
Published
2022-05-24 17:00
Modified
2022-05-24 17:00
VLAI Severity ?
Details
Resource leak in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable a denial of service via local access.
{
"affected": [],
"aliases": [
"CVE-2019-0148"
],
"database_specific": {
"cwe_ids": [
"CWE-772"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-11-14T19:15:00Z",
"severity": "LOW"
},
"details": "Resource leak in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable a denial of service via local access.",
"id": "GHSA-w9cg-q4rq-7r4j",
"modified": "2022-05-24T17:00:54Z",
"published": "2022-05-24T17:00:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0148"
},
{
"type": "WEB",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00255.html"
}
],
"schema_version": "1.4.0",
"severity": []
}
var-201911-1639
Vulnerability from variot
Resource leak in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable a denial of service via local access. Intel(R) Ethernet 700 Series Controller Contains a resource exhaustion vulnerability.Denial of service (DoS) May be in a state. Intel Ethernet 700 Series Controllers is a network adapter product from Intel Corporation. An attacker could exploit this vulnerability to cause a denial of service. This vulnerability stems from improper management of system resources (such as memory, disk space, files, etc.) by network systems or products. ========================================================================== Ubuntu Security Notice USN-4681-1 January 06, 2021
linux, linux-aws, linux-kvm, linux-lts-xenial, linux-raspi2, linux-snapdragon vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
- Ubuntu 14.04 ESM
Summary:
Several security issues were fixed in the Linux kernel.
Software Description: - linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services (AWS) systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi (V8) systems - linux-snapdragon: Linux kernel for Qualcomm Snapdragon processors - linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty
Details:
Ryan Hall discovered that the Intel 700 Series Ethernet Controllers driver in the Linux kernel did not properly deallocate memory in some conditions. (CVE-2019-0148)
It was discovered that the console keyboard driver in the Linux kernel contained a race condition. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2020-25656)
Minh Yuan discovered that the tty driver in the Linux kernel contained race conditions when handling fonts. A local attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2020-25668)
Jinoh Kang discovered that the Xen event channel infrastructure in the Linux kernel contained a race condition. (CVE-2020-27675)
Minh Yuan discovered that the framebuffer console driver in the Linux kernel did not properly handle fonts in some conditions. (CVE-2020-28974)
It was discovered that Power 9 processors could be coerced to expose information from the L1 cache in certain situations. A local attacker could use this to expose sensitive information. (CVE-2020-4788)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 LTS: linux-image-4.4.0-1085-kvm 4.4.0-1085.94 linux-image-4.4.0-1119-aws 4.4.0-1119.133 linux-image-4.4.0-1143-raspi2 4.4.0-1143.153 linux-image-4.4.0-1147-snapdragon 4.4.0-1147.157 linux-image-4.4.0-198-generic 4.4.0-198.230 linux-image-4.4.0-198-generic-lpae 4.4.0-198.230 linux-image-4.4.0-198-lowlatency 4.4.0-198.230 linux-image-4.4.0-198-powerpc-e500mc 4.4.0-198.230 linux-image-4.4.0-198-powerpc-smp 4.4.0-198.230 linux-image-4.4.0-198-powerpc64-emb 4.4.0-198.230 linux-image-4.4.0-198-powerpc64-smp 4.4.0-198.230 linux-image-aws 4.4.0.1119.124 linux-image-generic 4.4.0.198.204 linux-image-generic-lpae 4.4.0.198.204 linux-image-kvm 4.4.0.1085.83 linux-image-lowlatency 4.4.0.198.204 linux-image-powerpc-e500mc 4.4.0.198.204 linux-image-powerpc-smp 4.4.0.198.204 linux-image-powerpc64-emb 4.4.0.198.204 linux-image-powerpc64-smp 4.4.0.198.204 linux-image-raspi2 4.4.0.1143.143 linux-image-snapdragon 4.4.0.1147.139 linux-image-virtual 4.4.0.198.204
Ubuntu 14.04 ESM: linux-image-4.4.0-1083-aws 4.4.0-1083.87 linux-image-4.4.0-198-generic 4.4.0-198.230~14.04.1 linux-image-4.4.0-198-generic-lpae 4.4.0-198.230~14.04.1 linux-image-4.4.0-198-lowlatency 4.4.0-198.230~14.04.1 linux-image-4.4.0-198-powerpc-e500mc 4.4.0-198.230~14.04.1 linux-image-4.4.0-198-powerpc-smp 4.4.0-198.230~14.04.1 linux-image-4.4.0-198-powerpc64-emb 4.4.0-198.230~14.04.1 linux-image-4.4.0-198-powerpc64-smp 4.4.0-198.230~14.04.1 linux-image-aws 4.4.0.1083.80 linux-image-generic-lpae-lts-xenial 4.4.0.198.173 linux-image-generic-lts-xenial 4.4.0.198.173 linux-image-lowlatency-lts-xenial 4.4.0.198.173 linux-image-powerpc-e500mc-lts-xenial 4.4.0.198.173 linux-image-powerpc-smp-lts-xenial 4.4.0.198.173 linux-image-powerpc64-emb-lts-xenial 4.4.0.198.173 linux-image-powerpc64-smp-lts-xenial 4.4.0.198.173 linux-image-virtual-lts-xenial 4.4.0.198.173
After a standard system update you need to reboot your computer to make all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.
References: https://usn.ubuntu.com/4681-1 CVE-2019-0148, CVE-2020-25656, CVE-2020-25668, CVE-2020-27675, CVE-2020-28974, CVE-2020-4788
Package Information: https://launchpad.net/ubuntu/+source/linux/4.4.0-198.230 https://launchpad.net/ubuntu/+source/linux-aws/4.4.0-1119.133 https://launchpad.net/ubuntu/+source/linux-kvm/4.4.0-1085.94 https://launchpad.net/ubuntu/+source/linux-raspi2/4.4.0-1143.153 https://launchpad.net/ubuntu/+source/linux-snapdragon/4.4.0-1147.157
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201911-1639",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ethernet controller 710-bm1",
"scope": "lt",
"trust": 1.8,
"vendor": "intel",
"version": "7.0"
},
{
"model": "ethernet controller x710-at2",
"scope": "lt",
"trust": 1.8,
"vendor": "intel",
"version": "7.0"
},
{
"model": "ethernet controller x710-bm2",
"scope": "lt",
"trust": 1.8,
"vendor": "intel",
"version": "7.0"
},
{
"model": "ethernet controller x710-tm4",
"scope": "lt",
"trust": 1.8,
"vendor": "intel",
"version": "7.0"
},
{
"model": "ethernet controller xxv710-am1",
"scope": "lt",
"trust": 1.8,
"vendor": "intel",
"version": "7.0"
},
{
"model": "ethernet controller xxv710-am2",
"scope": "lt",
"trust": 1.8,
"vendor": "intel",
"version": "7.0"
},
{
"model": "ethernet 700 series software",
"scope": "lt",
"trust": 1.0,
"vendor": "intel",
"version": "24.0"
},
{
"model": "ethernet 700 series software",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "ethernet series controller",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": "700\u003c7.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41459"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012078"
},
{
"db": "NVD",
"id": "CVE-2019-0148"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:intel:enternet_700_series_software",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:intel:ethernet_controller_710-bm1_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:intel:ethernet_controller_x710-at2_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:intel:x710-bm2_controller",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:intel:ethernet_controller_x710-tm4_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:intel:ethernet_controller_xxv710-am1_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:intel:ethernet_controller_xxv710-am2_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-012078"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ubuntu",
"sources": [
{
"db": "PACKETSTORM",
"id": "160825"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-555"
}
],
"trust": 0.7
},
"cve": "CVE-2019-0148",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-0148",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CNVD-2019-41459",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "VHN-140179",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.8,
"id": "CVE-2019-0148",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 5.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-0148",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-0148",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2019-0148",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2019-41459",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201911-555",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-140179",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41459"
},
{
"db": "VULHUB",
"id": "VHN-140179"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012078"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-555"
},
{
"db": "NVD",
"id": "CVE-2019-0148"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Resource leak in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable a denial of service via local access. Intel(R) Ethernet 700 Series Controller Contains a resource exhaustion vulnerability.Denial of service (DoS) May be in a state. Intel Ethernet 700 Series Controllers is a network adapter product from Intel Corporation. An attacker could exploit this vulnerability to cause a denial of service. This vulnerability stems from improper management of system resources (such as memory, disk space, files, etc.) by network systems or products. ==========================================================================\nUbuntu Security Notice USN-4681-1\nJanuary 06, 2021\n\nlinux, linux-aws, linux-kvm, linux-lts-xenial, linux-raspi2,\nlinux-snapdragon vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 LTS\n- Ubuntu 14.04 ESM\n\nSummary:\n\nSeveral security issues were fixed in the Linux kernel. \n\nSoftware Description:\n- linux: Linux kernel\n- linux-aws: Linux kernel for Amazon Web Services (AWS) systems\n- linux-kvm: Linux kernel for cloud environments\n- linux-raspi2: Linux kernel for Raspberry Pi (V8) systems\n- linux-snapdragon: Linux kernel for Qualcomm Snapdragon processors\n- linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty\n\nDetails:\n\nRyan Hall discovered that the Intel 700 Series Ethernet Controllers driver\nin the Linux kernel did not properly deallocate memory in some conditions. (CVE-2019-0148)\n\nIt was discovered that the console keyboard driver in the Linux kernel\ncontained a race condition. A local attacker could use this to expose\nsensitive information (kernel memory). (CVE-2020-25656)\n\nMinh Yuan discovered that the tty driver in the Linux kernel contained race\nconditions when handling fonts. A local attacker could possibly use this to\nexpose sensitive information (kernel memory). (CVE-2020-25668)\n\nJinoh Kang discovered that the Xen event channel infrastructure in the\nLinux kernel contained a race condition. \n(CVE-2020-27675)\n\nMinh Yuan discovered that the framebuffer console driver in the Linux\nkernel did not properly handle fonts in some conditions. (CVE-2020-28974)\n\nIt was discovered that Power 9 processors could be coerced to expose\ninformation from the L1 cache in certain situations. A local attacker could\nuse this to expose sensitive information. (CVE-2020-4788)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 LTS:\n linux-image-4.4.0-1085-kvm 4.4.0-1085.94\n linux-image-4.4.0-1119-aws 4.4.0-1119.133\n linux-image-4.4.0-1143-raspi2 4.4.0-1143.153\n linux-image-4.4.0-1147-snapdragon 4.4.0-1147.157\n linux-image-4.4.0-198-generic 4.4.0-198.230\n linux-image-4.4.0-198-generic-lpae 4.4.0-198.230\n linux-image-4.4.0-198-lowlatency 4.4.0-198.230\n linux-image-4.4.0-198-powerpc-e500mc 4.4.0-198.230\n linux-image-4.4.0-198-powerpc-smp 4.4.0-198.230\n linux-image-4.4.0-198-powerpc64-emb 4.4.0-198.230\n linux-image-4.4.0-198-powerpc64-smp 4.4.0-198.230\n linux-image-aws 4.4.0.1119.124\n linux-image-generic 4.4.0.198.204\n linux-image-generic-lpae 4.4.0.198.204\n linux-image-kvm 4.4.0.1085.83\n linux-image-lowlatency 4.4.0.198.204\n linux-image-powerpc-e500mc 4.4.0.198.204\n linux-image-powerpc-smp 4.4.0.198.204\n linux-image-powerpc64-emb 4.4.0.198.204\n linux-image-powerpc64-smp 4.4.0.198.204\n linux-image-raspi2 4.4.0.1143.143\n linux-image-snapdragon 4.4.0.1147.139\n linux-image-virtual 4.4.0.198.204\n\nUbuntu 14.04 ESM:\n linux-image-4.4.0-1083-aws 4.4.0-1083.87\n linux-image-4.4.0-198-generic 4.4.0-198.230~14.04.1\n linux-image-4.4.0-198-generic-lpae 4.4.0-198.230~14.04.1\n linux-image-4.4.0-198-lowlatency 4.4.0-198.230~14.04.1\n linux-image-4.4.0-198-powerpc-e500mc 4.4.0-198.230~14.04.1\n linux-image-4.4.0-198-powerpc-smp 4.4.0-198.230~14.04.1\n linux-image-4.4.0-198-powerpc64-emb 4.4.0-198.230~14.04.1\n linux-image-4.4.0-198-powerpc64-smp 4.4.0-198.230~14.04.1\n linux-image-aws 4.4.0.1083.80\n linux-image-generic-lpae-lts-xenial 4.4.0.198.173\n linux-image-generic-lts-xenial 4.4.0.198.173\n linux-image-lowlatency-lts-xenial 4.4.0.198.173\n linux-image-powerpc-e500mc-lts-xenial 4.4.0.198.173\n linux-image-powerpc-smp-lts-xenial 4.4.0.198.173\n linux-image-powerpc64-emb-lts-xenial 4.4.0.198.173\n linux-image-powerpc64-smp-lts-xenial 4.4.0.198.173\n linux-image-virtual-lts-xenial 4.4.0.198.173\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. \n\nATTENTION: Due to an unavoidable ABI change the kernel updates have\nbeen given a new version number, which requires you to recompile and\nreinstall all third party kernel modules you might have installed. \nUnless you manually uninstalled the standard kernel metapackages\n(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,\nlinux-powerpc), a standard system upgrade will automatically perform\nthis as well. \n\nReferences:\n https://usn.ubuntu.com/4681-1\n CVE-2019-0148, CVE-2020-25656, CVE-2020-25668, CVE-2020-27675,\n CVE-2020-28974, CVE-2020-4788\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/linux/4.4.0-198.230\n https://launchpad.net/ubuntu/+source/linux-aws/4.4.0-1119.133\n https://launchpad.net/ubuntu/+source/linux-kvm/4.4.0-1085.94\n https://launchpad.net/ubuntu/+source/linux-raspi2/4.4.0-1143.153\n https://launchpad.net/ubuntu/+source/linux-snapdragon/4.4.0-1147.157\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-0148"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012078"
},
{
"db": "CNVD",
"id": "CNVD-2019-41459"
},
{
"db": "VULHUB",
"id": "VHN-140179"
},
{
"db": "PACKETSTORM",
"id": "160825"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-0148",
"trust": 3.2
},
{
"db": "PACKETSTORM",
"id": "160825",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU90354904",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012078",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201911-555",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2019-41459",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0071",
"trust": 0.6
},
{
"db": "LENOVO",
"id": "LEN-27715",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-140179",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41459"
},
{
"db": "VULHUB",
"id": "VHN-140179"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012078"
},
{
"db": "PACKETSTORM",
"id": "160825"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-555"
},
{
"db": "NVD",
"id": "CVE-2019-0148"
}
]
},
"id": "VAR-201911-1639",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41459"
},
{
"db": "VULHUB",
"id": "VHN-140179"
}
],
"trust": 1.18344827
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41459"
}
]
},
"last_update_date": "2024-11-23T20:45:01.041000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "INTEL-SA-00255",
"trust": 0.8,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00255.html"
},
{
"title": "Patch for Intel Ethernet 700 Series Controllers Resource Leak Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/191091"
},
{
"title": "Intel Ethernet 700 Series Controllers i40e driver Remediation of resource management error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=104679"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41459"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012078"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-555"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-772",
"trust": 1.1
},
{
"problemtype": "CWE-400",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-140179"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012078"
},
{
"db": "NVD",
"id": "CVE-2019-0148"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0148"
},
{
"trust": 1.7,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00255.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0148"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu90354904/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/160825/ubuntu-security-notice-usn-4681-1.html"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/intel-ethernet-700-series-controllers-multiple-vulnerabilities-30850"
},
{
"trust": 0.6,
"url": "https://support.lenovo.com/us/en/product_security/len-27715"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0071/"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-snapdragon/4.4.0-1147.157"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-aws/4.4.0-1119.133"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-27675"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux/4.4.0-198.230"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-28974"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-raspi2/4.4.0-1143.153"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25656"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/4681-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-kvm/4.4.0-1085.94"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-4788"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25668"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41459"
},
{
"db": "VULHUB",
"id": "VHN-140179"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012078"
},
{
"db": "PACKETSTORM",
"id": "160825"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-555"
},
{
"db": "NVD",
"id": "CVE-2019-0148"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-41459"
},
{
"db": "VULHUB",
"id": "VHN-140179"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012078"
},
{
"db": "PACKETSTORM",
"id": "160825"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-555"
},
{
"db": "NVD",
"id": "CVE-2019-0148"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-41459"
},
{
"date": "2019-11-14T00:00:00",
"db": "VULHUB",
"id": "VHN-140179"
},
{
"date": "2019-11-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-012078"
},
{
"date": "2021-01-06T15:58:17",
"db": "PACKETSTORM",
"id": "160825"
},
{
"date": "2019-11-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-555"
},
{
"date": "2019-11-14T19:15:12.457000",
"db": "NVD",
"id": "CVE-2019-0148"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-41459"
},
{
"date": "2020-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-140179"
},
{
"date": "2019-11-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-012078"
},
{
"date": "2021-01-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-555"
},
{
"date": "2024-11-21T04:16:19.973000",
"db": "NVD",
"id": "CVE-2019-0148"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "PACKETSTORM",
"id": "160825"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-555"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Intel(R) Ethernet 700 Series Controller Vulnerabilities related to resource exhaustion",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-012078"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-555"
}
],
"trust": 0.6
}
}
fkie_cve-2019-0148
Vulnerability from fkie_nvd
Published
2019-11-14 19:15
Modified
2024-11-21 04:16
Severity ?
Summary
Resource leak in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable a denial of service via local access.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| intel | ethernet_controller_x710-tm4_firmware | * | |
| intel | ethernet_controller_x710-tm4 | - | |
| intel | ethernet_controller_x710-at2_firmware | * | |
| intel | ethernet_controller_x710-at2 | - | |
| intel | ethernet_controller_xxv710-am2_firmware | * | |
| intel | ethernet_controller_xxv710-am2 | - | |
| intel | ethernet_controller_xxv710-am1_firmware | * | |
| intel | ethernet_controller_xxv710-am1 | - | |
| intel | ethernet_controller_x710-bm2_firmware | * | |
| intel | ethernet_controller_x710-bm2 | - | |
| intel | ethernet_controller_710-bm1_firmware | * | |
| intel | ethernet_controller_710-bm1 | - | |
| intel | ethernet_700_series_software | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:intel:ethernet_controller_x710-tm4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "26B90A01-0B80-4DB6-90A7-1791DA120901",
"versionEndExcluding": "7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:intel:ethernet_controller_x710-tm4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "41EEFF5E-3C88-43B3-9894-1B0C73DBA06A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:intel:ethernet_controller_x710-at2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "42313648-4318-441E-B1B9-099A4D49FFDF",
"versionEndExcluding": "7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:intel:ethernet_controller_x710-at2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8225E56D-74F1-43FC-8696-2F326A264704",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:intel:ethernet_controller_xxv710-am2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F129E674-BCF6-480A-BBB3-44563A6B31B3",
"versionEndExcluding": "7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:intel:ethernet_controller_xxv710-am2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5C6D2A9E-EE3D-4DEC-948E-58416CD32477",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:intel:ethernet_controller_xxv710-am1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CCA908C6-B34A-4056-9204-39FF4FC53866",
"versionEndExcluding": "7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:intel:ethernet_controller_xxv710-am1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DA1817F4-978B-4F88-831F-C6259CE20E83",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:intel:ethernet_controller_x710-bm2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8A2B04C6-5D1A-4D41-AB7A-3263ED8B015B",
"versionEndExcluding": "7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:intel:ethernet_controller_x710-bm2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "91940C69-80BB-43F8-81B5-92AAFCF59CE1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:intel:ethernet_controller_710-bm1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2D2B96E9-DD07-449B-A309-B3B0B4574369",
"versionEndExcluding": "7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:intel:ethernet_controller_710-bm1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EE34AA9F-CBD1-423B-A457-5FB79081540F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:intel:ethernet_700_series_software:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BBE4DA9C-61F5-48CF-A995-CD6F48CD4E6B",
"versionEndExcluding": "24.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Resource leak in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable a denial of service via local access."
},
{
"lang": "es",
"value": "Un perdida de recursos en el controlador i40e para Intel\u00ae Ethernet 700 Series Controllers versiones anteriores a la versi\u00f3n 7.0 puede habilitar a un usuario autenticado para permitir potencialmente una denegaci\u00f3n de servicio por medio de un acceso local."
}
],
"id": "CVE-2019-0148",
"lastModified": "2024-11-21T04:16:19.973",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-14T19:15:12.457",
"references": [
{
"source": "secure@intel.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00255.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00255.html"
}
],
"sourceIdentifier": "secure@intel.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-772"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…