CVE-2019-0148

Published: Nov 14, 2019Modified: Jun 17, 2026

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

Resource leak in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable a denial of service via local access.

Affected (7)

Products: Intel: Ethernet Controller X710 Tm4 Firmware, Ethernet Controller X710 At2 Firmware, Ethernet Controller Xxv710 Am2 Firmware, Ethernet Controller Xxv710 Am1 Firmware, Ethernet Controller X710 Bm2 Firmware, Ethernet Controller 710 Bm1 Firmware, Ethernet 700 Series Software

Intel

7 products

Ethernet Controller X710 Tm4 Firmware

Ethernet Controller X710 At2 Firmware

Ethernet Controller Xxv710 Am2 Firmware

Ethernet Controller Xxv710 Am1 Firmware

Ethernet Controller X710 Bm2 Firmware

Ethernet Controller 710 Bm1 Firmware

Ethernet 700 Series Software

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Intel Ethernet Controller X710 Tm4 Firmware	Before 7.0

Running on/with	Platform Versions
Intel Ethernet Controller X710 Tm4	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Intel Ethernet Controller X710 At2 Firmware	Before 7.0

Running on/with	Platform Versions
Intel Ethernet Controller X710 At2	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Intel Ethernet Controller Xxv710 Am2 Firmware	Before 7.0

Running on/with	Platform Versions
Intel Ethernet Controller Xxv710 Am2	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Intel Ethernet Controller Xxv710 Am1 Firmware	Before 7.0

Running on/with	Platform Versions
Intel Ethernet Controller Xxv710 Am1	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Intel Ethernet Controller X710 Bm2 Firmware	Before 7.0

Running on/with	Platform Versions
Intel Ethernet Controller X710 Bm2	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Intel Ethernet Controller 710 Bm1 Firmware	Before 7.0

Running on/with	Platform Versions
Intel Ethernet Controller 710 Bm1	All versions

Configuration G

1 vulnerable

Vulnerable Software	Affected Versions
Intel Ethernet 700 Series Software	Before 24.0

Related CWEs

CWE-772

Missing Release of Resource after Effective Lifetime

The product does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed.

References (2)

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00255.html

Source: secure@intel.com

PatchVendor Advisory

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00255.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.