7.8
CVE-2019-0145
- EPSS 0.05%
- Published 14.11.2019 19:15:12
- Last modified 21.11.2024 04:16:19
- Source secure@intel.com
- Teams watchlist Login
- Open Login
Buffer overflow in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable an escalation of privilege via local access.
Data is provided by the National Vulnerability Database (NVD)
Intel ≫ Ethernet Controller X710-tm4 Firmware Version < 7.0
Intel ≫ Ethernet Controller X710-at2 Firmware Version < 7.0
Intel ≫ Ethernet Controller Xxv710-am2 Firmware Version < 7.0
Intel ≫ Ethernet Controller Xxv710-am1 Firmware Version < 7.0
Intel ≫ Ethernet Controller X710-bm2 Firmware Version < 7.0
Intel ≫ Ethernet Controller 710-bm1 Firmware Version < 7.0
Intel ≫ Ethernet 700 Series Software Version < 24.0
Linux ≫ Linux Kernel Version >= 4.6 < 4.9.244
Linux ≫ Linux Kernel Version >= 4.10 < 4.14.205
Linux ≫ Linux Kernel Version >= 4.15 < 4.19.139
Linux ≫ Linux Kernel Version >= 4.20 < 5.2
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.05% | 0.118 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.2 | 3.9 | 10 |
AV:L/AC:L/Au:N/C:C/I:C/A:C
|
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.