Intel® Ethernet Controllers and Adapters Advisory

Summary:

Potential security vulnerabilities in some Intel® Ethernet Controllers and Adapters may allow denial of service. Intel is releasing firmware updates to mitigate these potential vulnerabilities.****

Vulnerability Details:

CVEID: CVE-2021-33126

Description: Improper access control in the firmware for some Intel® 700 and 722 Series Ethernet Controllers and Adapters before versions 8.5 and 1.5.5 may allow a privileged user to potentially enable denial of service via local access.

CVSS Base Score: 5.1 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H****

CVEID: CVE-2021-33128

Description: Improper access control in the firmware for some Intel® E810 Ethernet Controllers before version 1.6.0.6 may allow a privileged user to potentially enable denial of service via local access.

CVSS Base Score: 5.1 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H ****

CVEID: CVE-2022-28709

Description: Improper access control in the firmware for some Intel® E810 Ethernet Controllers before version 1.6.1.9 may allow a privileged user to potentially enable denial of service via local access.

CVSS Base Score: 4.1 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H****

Affected Products:

Intel® 700 Series Ethernet Controllers and Adapters before version 8.5.

• Firmware version, as reported by the device, corresponding to the release numbers above are:

• Software Release Version 26.6: Device reports 8.5, NVM version 8.50.

Intel® 722 Series Ethernet Controllers and Adapters before version 1.5.5.

• Firmware version, as reported by the device, corresponding to the release numbers above are:
• Software Release Version 26.6: Device reports 1.5.5, NVM version 5.50.

Intel® E810 Ethernet Controllers and Adapters before version 1.6.0.6.

• Firmware versions, as reported by the device, corresponding to the release numbers above are:
• Software Release version 26.4: Device Reports 1.6.0.6., NVM version 3.0.

Intel® E810 Ethernet Controllers and Adapters before version1.6.1.9

• Firmware versions, as reported by the device, corresponding to the release numbers above are:
• Software Release Version 26.8: Device reports 1.6.1.9, NVM version 3.10.

Recommendations:

Intel recommends updating the firmware for impacted Intel® Ethernet Controllers and Adapters to the versions provided below or later.

• Intel® 700 Series Ethernet Controllers and Adapters before version 8.5.
• Intel® 722 Series Ethernet Controllers and Adapters before version 1.5.5.
• Intel® E810 Ethernet Controllers and Adapters before version 1.6.1.9

Updates are available for download at this location:

<https://downloadcenter.intel.com/product/36773/Ethernet-Products&gt;

Acknowledgements:

The following issues were found internally by Intel employees. Intel would like to thank Dmitry Shvarts and Dmitry Tsimbler.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.