Risk | Low |
Patch available | YES |
Number of vulnerabilities | 2 |
CVE-ID | CVE-2019-0146 CVE-2019-0149 |
CWE-ID | CWE-400 CWE-20 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software Subscribe |
Intel Ethernet 700 Series Hardware solutions / Firmware Intel Ethernet 700 Series Controller Software Hardware solutions / Drivers |
Vendor | Intel |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
EUVDB-ID: #VU22952
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-0146
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a resource leak in i40e driver. A local user can trigger resource exhaustion and perform a denial of service attack on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIntel Ethernet 700 Series: before 2.8.43
Intel Ethernet 700 Series Controller Software: before 24.0
External linkshttp://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00255.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU22955
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-0149
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in i40e driver. A local user can cause a denial of service condition on the target system.
Install updates from vendor's website.
Vulnerable software versionsIntel Ethernet 700 Series: before 2.8.43
Intel Ethernet 700 Series Controller Software: before 24.0
External linkshttp://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00255.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.