CVE-2019-0145: Buffer Overflow
First published: Thu Nov 14 2019(Updated: )
Buffer overflow in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable an escalation of privilege via local access.
Credit: secure@intel.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Intel Ethernet Controller x710-tm4 | <7.0 | |
| Intel Ethernet Controller x710-tm4 | ||
| Intel Ethernet Controller x710-at2 | <7.0 | |
| Intel Ethernet Controller x710-at2 | ||
| Intel Ethernet Controller XXV710-AM2 | <7.0 | |
| Intel Ethernet Controller xxv710-am2 firmware | ||
| Intel Ethernet Controller XXV710-AM1 | <7.0 | |
| Intel Ethernet Controller XXV710-AM1 Firmware | ||
| Intel Ethernet Controller x710-bm2 | <7.0 | |
| Intel Ethernet Controller x710-bm2 firmware | ||
| Intel Ethernet Controller XL710-BM1 Firmware | <7.0 | |
| Intel Ethernet Controller 710-bm1 Firmware | ||
| Intel Ethernet 700 Series software | <24.0 | |
| Linux Kernel | >=4.6<4.9.244 | |
| Linux Kernel | >=4.10<4.14.205 | |
| Linux Kernel | >=4.15<4.19.139 | |
| Linux Kernel | >=4.20<5.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2019-0145?
CVE-2019-0145 is a vulnerability in the i40e driver for Intel Ethernet 700 Series Controllers, allowing an authenticated user to potentially enable an escalation of privilege via local access.
What is the severity of CVE-2019-0145?
CVE-2019-0145 has a severity rating of 7.8 (high).
Which software versions are affected by CVE-2019-0145?
CVE-2019-0145 affects Intel(R) Ethernet Controller X710-tm4 Firmware versions up to 7.0, Intel(R) Ethernet Controller X710-at2 Firmware versions up to 7.0, and Intel(R) Ethernet Controller Xxv710-am2 Firmware versions up to 7.0.
How can an attacker exploit CVE-2019-0145?
An attacker can exploit CVE-2019-0145 by using a buffer overflow in the i40e driver to potentially enable an escalation of privilege.
Where can I find more information about CVE-2019-0145?
You can find more information about CVE-2019-0145 in the advisory published by Intel: [Intel-SA-00255](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00255.html).
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/author
- agent/references
- agent/severity
- agent/last-modified-date
- agent/remedy
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/intel
- canonical/intel ethernet controller x710-tm4
- canonical/intel ethernet controller x710-at2
- canonical/intel ethernet controller xxv710-am2
- canonical/intel ethernet controller xxv710-am2 firmware
- canonical/intel ethernet controller xxv710-am1
- canonical/intel ethernet controller xxv710-am1 firmware
- canonical/intel ethernet controller x710-bm2
- canonical/intel ethernet controller x710-bm2 firmware
- canonical/intel ethernet controller xl710-bm1 firmware
- canonical/intel ethernet controller 710-bm1 firmware
- canonical/intel ethernet 700 series software
- vendor/linux
- canonical/linux kernel
- version/linux kernel/4.6
- version/linux kernel/4.10
- version/linux kernel/4.15
- version/linux kernel/4.20