K85738358 : Intel Ethernet Controller vulnerabilities CVE-2020-24497, CVE-2020-24498, CVE-2020-24500, CVE-2020-24501, and CVE-2020-24505

Security Advisory Description

• CVE-2020-24497

Insufficient Access Control in the firmware for Intel® E810 Ethernet Controllers before version 1.4.1.13 may allow a privileged user to potentially enable denial of service via local access.

• CVE-2020-24498

Buffer overflow in the firmware for Intel® E810 Ethernet Controllers before version 1.4.1.13 may allow a privileged user to potentially enable denial of service via local access.

• CVE-2020-24500

Buffer overflow in the firmware for Intel® E810 Ethernet Controllers before version 1.4.1.13 may allow a privileged user to potentially enable a denial of service via local access.

• CVE-2020-24501

Buffer overflow in the firmware for Intel® E810 Ethernet Controllers before version 1.4.1.13 may allow an unauthenticated user to potentially enable denial of service via adjacent access.

• CVE-2020-24505

Insufficient input validation in the firmware for the Intel® 700-series of Ethernet Controllers before version 7.3 may allow a privileged user to potentially enable denial of service via local access.

Impact

This vulnerability may allow a privileged user to potentially enable denial of service (DoS) by way of local access.