CVE-2019-0145

Published: Nov 14, 2019Modified: Jun 17, 2026

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Buffer overflow in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable an escalation of privilege via local access.

Affected (11)

Products: Intel: Ethernet Controller X710 Tm4 Firmware, Ethernet Controller X710 At2 Firmware, Ethernet Controller Xxv710 Am2 Firmware, Ethernet Controller Xxv710 Am1 Firmware, Ethernet Controller X710 Bm2 Firmware, Ethernet Controller 710 Bm1 Firmware, Ethernet 700 Series Software · Linux: Linux Kernel

Intel

7 products

Ethernet Controller X710 Tm4 Firmware

Ethernet Controller X710 At2 Firmware

Ethernet Controller Xxv710 Am2 Firmware

Ethernet Controller Xxv710 Am1 Firmware

Ethernet Controller X710 Bm2 Firmware

Ethernet Controller 710 Bm1 Firmware

Ethernet 700 Series Software

Linux

1 product

Linux Kernel

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Intel Ethernet Controller X710 Tm4 Firmware	Before 7.0

Running on/with	Platform Versions
Intel Ethernet Controller X710 Tm4	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Intel Ethernet Controller X710 At2 Firmware	Before 7.0

Running on/with	Platform Versions
Intel Ethernet Controller X710 At2	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Intel Ethernet Controller Xxv710 Am2 Firmware	Before 7.0

Running on/with	Platform Versions
Intel Ethernet Controller Xxv710 Am2	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Intel Ethernet Controller Xxv710 Am1 Firmware	Before 7.0

Running on/with	Platform Versions
Intel Ethernet Controller Xxv710 Am1	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Intel Ethernet Controller X710 Bm2 Firmware	Before 7.0

Running on/with	Platform Versions
Intel Ethernet Controller X710 Bm2	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Intel Ethernet Controller 710 Bm1 Firmware	Before 7.0

Running on/with	Platform Versions
Intel Ethernet Controller 710 Bm1	All versions

Configuration G

1 vulnerable

Vulnerable Software	Affected Versions
Intel Ethernet 700 Series Software	Before 24.0

Configuration H

4 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	From 4.10 to 4.14.205
Linux Linux Kernel	From 4.15 to 4.19.139
Linux Linux Kernel	From 4.20 to 5.2
Linux Linux Kernel	From 4.6 to 4.9.244

Related CWEs

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (2)

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00255.html

Source: secure@intel.com

PatchVendor Advisory

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00255.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.