Potential security vulnerabilities in the Intel® 82599 Ethernet Series Controllers and Adapters may allow denial of service. Intel is releasing software updates and prescriptive guidance to address these potential vulnerabilities.****
CVEID: CVE-2021-33096
Description: Improper isolation of shared resources in network on chip for the Intel® 82599 Ethernet Controllers and Adapters may allow an authenticated user to potentially enable denial of service via local access.
CVSS Base Score: 6.5 Medium
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
CVEID: CVE-2021-33061
Description: Insufficient control flow management for the Intel® 82599 Ethernet Controllers and Adapters may allow an authenticated user to potentially enable denial of service via local access.
CVSS Base Score: 6.5 MEDIUM
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
All Intel® 82599 Ethernet Series Controllers and associated Adapters.
Intel recommends following the steps below to address these issues.
For CVE-2021-33096:
For CVE-2021-33061:
Update Intel® 82599 Ethernet Series Controllers and associated Adapters Kernel-mode Driver versions to 5.13.4 or higher.
Updates are available for download at this location:
<https://sourceforge.net/projects/e1000/files/ixgbe stable/5.13.4/>
Intel would like to thank Asaf Modelevsky (Amazon Web Services) for reporting these issues.
Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.