Intel® Ethernet Controllers and Adapters Advisory

Summary:

A potential security vulnerability in some Intel® Ethernet Controllers and Adapters may allow denial of service. Intel is releasing firmware updates to mitigate this potential vulnerability.

Vulnerability Details:

CVEID: CVE-2022-36382

Description: Out-of-bounds write in firmware for some Intel® Ethernet Network Controllers and Adapters E810 Series before version 1.7.0.8 and some Intel® Ethernet 700 Series Controllers and Adapters before version 9.101 may allow a privileged user to potentially enable denial of service via local access.

CVSS Base Score: 6.0 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

Affected Products:

Intel® Ethernet Network Controllers and Adapters E810 (Columbiaville) Series before version 1.7.0.8:

• Firmware Version, as reported by the device, corresponding to the release numbers above are:
  Software Release Version 27.6.1: Device Reports 1.7.0.8, NVM version 4.01.

Intel® Ethernet X710 (Fortville) Series Controllers and Adapters before version 9.101:

• Firmware Version, as reported by the device, corresponding to the release numbers above are:
  Software Release Version 27.6.1: Device Reports 9.101, NVM version 9.0.

Recommendations:

Intel recommends updating the firmware for impacted Intel® Ethernet Controllers and Adapters to the versions provided below or later.

• Intel® 700 Series Ethernet Controllers and Adapters to version 9.101 or later.
• Intel® E810 Ethernet Controllers and Adapters to version 1.7.0.8 or later.

Updates are available here: Support for Ethernet Products (intel.com)

Acknowledgements:

The following issue was found internally by Intel employees. Intel would like to thank Marc Neustadter.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.