A potential security vulnerability in some Intel® Ethernet Controllers and Adapters may allow denial of service. Intel is releasing firmware updates to mitigate this potential vulnerability.
CVEID: CVE-2022-36382
Description: Out-of-bounds write in firmware for some Intel® Ethernet Network Controllers and Adapters E810 Series before version 1.7.0.8 and some Intel® Ethernet 700 Series Controllers and Adapters before version 9.101 may allow a privileged user to potentially enable denial of service via local access.
CVSS Base Score: 6.0 Medium
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
Intel® Ethernet Network Controllers and Adapters E810 (Columbiaville) Series before version 1.7.0.8:
Intel® Ethernet X710 (Fortville) Series Controllers and Adapters before version 9.101:
Intel recommends updating the firmware for impacted Intel® Ethernet Controllers and Adapters to the versions provided below or later.
Updates are available here: Support for Ethernet Products (intel.com)
The following issue was found internally by Intel employees. Intel would like to thank Marc Neustadter.
Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.