Lucene search

K
intelIntel Security CenterINTEL:INTEL-SA-00571
HistoryFeb 08, 2022 - 12:00 a.m.

Intel® 82599 Ethernet Controllers Advisory

2022-02-0800:00:00
Intel Security Center
www.intel.com
42

Summary:

Potential security vulnerabilities in the Intel® 82599 Ethernet Series Controllers and Adapters may allow denial of service. Intel is releasing software updates and prescriptive guidance to address these potential vulnerabilities.****

Vulnerability Details:

CVEID: CVE-2021-33096

Description: Improper isolation of shared resources in network on chip for the Intel® 82599 Ethernet Controllers and Adapters may allow an authenticated user to potentially enable denial of service via local access.

CVSS Base Score: 6.5 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

CVEID: CVE-2021-33061

Description: Insufficient control flow management for the Intel® 82599 Ethernet Controllers and Adapters may allow an authenticated user to potentially enable denial of service via local access.

CVSS Base Score: 6.5 MEDIUM

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Affected Products:

All Intel® 82599 Ethernet Series Controllers and associated Adapters.

Recommendations:

Intel recommends following the steps below to address these issues.

For CVE-2021-33096:

  1. Download the prescriptive guidance found in this Application Note.
  2. Consult the Direct-Assignment Networking Fault Isolation in a Data Center Environment Prescriptive Guidance Addressing INTEL-SA-00571 Application Note.

For CVE-2021-33061:

Update Intel® 82599 Ethernet Series Controllers and associated Adapters Kernel-mode Driver versions to 5.13.4 or higher.

Updates are available for download at this location:

<https://sourceforge.net/projects/e1000/files/ixgbe stable/5.13.4/&gt;

Acknowledgements:

Intel would like to thank Asaf Modelevsky (Amazon Web Services) for reporting these issues.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

Related for INTEL:INTEL-SA-00571