A flaw was found in the Linux kernel. This flaw allows a local, authenticated user to enable information disclosure due to an improper conditions check in some Intel(R) Ethernet Controllers 800 series Linux drivers. The highest threat from this vulnerability is to confidentiality.
{"id": "RH:CVE-2021-0003", "vendorId": null, "type": "redhatcve", "bulletinFamily": "info", "title": "CVE-2021-0003", "description": "A flaw was found in the Linux kernel. This flaw allows a local, authenticated user to enable information disclosure due to an improper conditions check in some Intel(R) Ethernet Controllers 800 series Linux drivers. The highest threat from this vulnerability is to confidentiality.\n", "published": "2021-08-18T17:12:27", "modified": "2023-09-15T01:27:13", "epss": [{"cve": "CVE-2021-0003", "epss": 0.00044, "percentile": 0.1034, "modified": "2023-12-06"}], "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "accessVector": "LOCAL", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1}, "severity": "LOW", "exploitabilityScore": 3.9, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM"}, "exploitabilityScore": 1.8, "impactScore": 3.6}, "href": "https://access.redhat.com/security/cve/cve-2021-0003", "reporter": "redhat.com", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-0003\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-0003\nhttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00515.html", "https://bugzilla.redhat.com/show_bug.cgi?id=1995242"], "cvelist": ["CVE-2021-0003"], "immutableFields": [], "lastseen": "2023-12-07T17:44:08", "viewCount": 20, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-0003"]}, {"type": "intel", "idList": ["INTEL:INTEL-SA-00515"]}, {"type": "lenovo", "idList": ["LENOVO:PS500433-INTEL-ETHERNET-LINUX-DRIVER-ADVISORY-NOSID"]}, {"type": "prion", "idList": ["PRION:CVE-2021-0003"]}]}, "score": {"value": 2.9, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2021-0003"]}, {"type": "lenovo", "idList": ["LENOVO:PS500433-INTEL-ETHERNET-LINUX-DRIVER-ADVISORY-NOSID"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2021-0003", "epss": 0.00044, "percentile": 0.10249, "modified": "2023-05-08"}], "vulnersScore": 2.9}, "_state": {"dependencies": 1701971110, "score": 1701971227, "epss": 0}, "_internal": {"score_hash": "dcc87cb94127b851f4457402caad85eb"}, "vendorCvss": {"score": "5.5", "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}}
{"prion": [{"lastseen": "2023-11-22T00:28:25", "description": "Improper conditions check in some Intel(R) Ethernet Controllers 800 series Linux drivers before version 1.4.11 may allow an authenticated user to potentially enable information disclosure via local access.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-08-11T13:15:00", "type": "prion", "title": "Input validation", "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-0003"], "modified": "2021-09-14T18:36:00", "id": "PRION:CVE-2021-0003", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2021-0003", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}], "cve": [{"lastseen": "2023-12-07T16:12:39", "description": "Improper conditions check in some Intel(R) Ethernet Controllers 800 series Linux drivers before version 1.4.11 may allow an authenticated user to potentially enable information disclosure via local access.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-08-11T13:15:00", "type": "cve", "title": "CVE-2021-0003", "cwe": ["CWE-755"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-0003"], "modified": "2021-09-14T18:36:00", "cpe": [], "id": "CVE-2021-0003", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0003", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": []}], "lenovo": [{"lastseen": "2021-08-11T16:37:22", "description": "**Lenovo Security Advisory: **LEN-60195\n\n**Potential Impact: **Denial of Service, escalation of privilege, information disclosure\n\n**Severity: **High\n\n**Scope of Impact: **Industry-wide\n\n**CVE Identifier: **CVE-2021-0084, CVE-2021-0002, CVE-2021-0003\n\n**Summary Description:**\n\nIntel reported potential security vulnerabilities in some Intel Ethernet Controllers X722 and 800 series Linux drivers that may allow denial of service, escalation of privilege, or information disclosure.\n\n**Mitigation Strategy for Customers (what you should do to protect yourself):**\n\nIntel recommends updating the Intel Ethernet drivers to the version (or newer) indicated for your model in the Product Impact section.\n", "cvss3": {}, "published": "2021-08-10T19:44:37", "type": "lenovo", "title": "Intel Ethernet Linux Driver Advisory - Lenovo Support NL", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2021-0003", "CVE-2021-0084", "CVE-2021-0002"], "modified": "2021-08-10T19:50:56", "id": "LENOVO:PS500433-INTEL-ETHERNET-LINUX-DRIVER-ADVISORY-NOSID", "href": "https://support.lenovo.com/nl/nl/product_security/ps500433-intel-ethernet-linux-driver-advisory", "cvss": {"score": 0.0, "vector": "NONE"}}], "intel": [{"lastseen": "2023-03-14T22:05:21", "description": "### Summary: \n\nPotential security vulnerabilities in some Intel\u00ae Ethernet Controllers X722 and 800 series Linux drivers may allow denial of service, escalation of privilege or information disclosure. Intel is releasing software driver updates to mitigate these potential vulnerabilities.\n\n### Vulnerability Details:\n\nCVEID: [CVE-2021-0084](<https://vulners.com/cve/CVE-2021-0084>)\n\nDescription: Improper input validation in the Intel(R) Ethernet Controllers X722 and 800 series Linux RMDA driver before version 1.3.19 may allow an authenticated user to potentially enable escalation of privilege via local access.\n\nCVSS Base Score: 8.8 High\n\nCVSS Vector: [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H>)****\n\nCVEID: [CVE-2021-0002](<https://vulners.com/cve/CVE-2021-0002>)\n\nDescription: Improper conditions check in some Intel(R) Ethernet Controllers 800 series Linux drivers before version 1.4.11 may allow an authenticated user to potentially enable information disclosure or denial of service via local access.\n\nCVSS Base Score: 4.4 Medium\n\nCVSS Vector: [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L>)\n\nCVEID: [CVE-2021-0003](<https://vulners.com/cve/CVE-2021-0003>)\n\nDescription: Improper conditions check in some Intel(R) Ethernet Controllers 800 series Linux drivers before version 1.4.11 may allow an authenticated user to potentially enable information disclosure via local access.\n\nCVSS Base Score: 3.8 Low\n\nCVSS Vector: [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N>)\n\n### Affected Products:\n\nIntel\u00ae Ethernet Controllers X722 and 800 series before Linux RMDA driver version 1.3.19.\n\nIntel\u00ae Ethernet Controllers 800 series Linux driver before version 1.4.11.\n\n### Recommendations:\n\nIntel recommends updating Intel\u00ae Ethernet Controllers X722 and 800 series drivers to the latest versions.****\n\nUpdates are available for download at this location:\n\n<https://www.intel.com/content/www/us/en/support/products/36773/ethernet-products.html>\n\n### Acknowledgements:\n\nCVE-2021-0084 was found externally. CVE-2021-0002 and CVE-2021-0003 were found internally by Intel employees.\n\nIntel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.\n", "cvss3": {}, "published": "2021-08-10T00:00:00", "type": "intel", "title": "Intel\u00ae Ethernet Linux Driver Advisory", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2021-0002", "CVE-2021-0003", "CVE-2021-0084"], "modified": "2021-08-10T00:00:00", "id": "INTEL:INTEL-SA-00515", "href": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00515.html", "cvss": {"score": 0.0, "vector": "NONE"}}]}
CVE-2021-0003
