Potential security vulnerabilities in the firmware for Intel® Ethernet Adapters 800 Series Controllers and associated adapters may allow denial of service or information disclosure. Intel is releasing firmware updates to mitigate these potential vulnerabilities.****
CVEID: CVE-2021-0004
Description: Improper buffer restrictions in the firmware of Intel® Ethernet Adapters 800 Series Controllers and associated adapters before version 1.5.3.0 may allow a privileged user to potentially enable denial of service via local access.
CVSS Base Score: 6.0 Medium
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
CVEID: CVE-2021-0005
Description: Uncaught exception in firmware for Intel® Ethernet Adapters 800 Series Controllers and associated adapters before version 1.5.3.0 may allow a privileged user to potentially enable denial of service via local access.
CVSS Base Score: 6.0 Medium
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H****
CVEID: CVE-2021-0006
Description: Improper conditions check in firmware for Intel® Ethernet Adapters 800 Series Controllers and associated adapters before version 1.5.4.0 may allow a privileged user to potentially enable denial of service via local access.
CVSS Base Score: 5.1 Medium
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H****
CVEID: CVE-2021-0007
Description: Uncaught exception in firmware for Intel® Ethernet Adapters 800 Series Controllers and associated adapters before version 1.5.1.0 may allow a privileged attacker to potentially enable denial of service via local access.
CVSS Base Score: 4.4 Medium
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H****
CVEID: CVE-2021-0008
Description: Uncontrolled resource consumption in firmware for Intel® Ethernet Adapters 800 Series Controllers and associated adapters before version 1.5.3.0 may allow privileged user to potentially enable denial of service via local access.
CVSS Base Score: 4.4 Medium
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H****
CVEID: CVE-2021-0009
Description: Out-of-bounds read in the firmware for Intel® Ethernet Adapters 800 Series Controllers and associated adapters before version 1.5.3.0 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
CVSS Base Score: 4.3 Medium
CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L****
Intel® Ethernet Adapters 800 Series Controllers and associated adapters before versions 1.5.1.0, 1.5.3.0 and 1.5.4.0.
Intel recommends that users update firmware and software drivers to the latest version (see affected products).
Updates are available for download at this location: <https://downloadcenter.intel.com/product/36773/Ethernet-Products>
These issues were found internally by Intel.****
Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.