CVE-2023-22276
4.7
Vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.0 / Impact: 3.6
Source: NVD
Description
Race condition in firmware for some Intel(R) Ethernet Controllers and Adapters E810 Series before version 1.7.2.4 may allow an authenticated user to potentially enable denial of service via local access.
Affected (3)
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.7.2.4 |
| Running on/with | Platform Versions |
|---|---|
Intel Ethernet Network Controller E810 Xxvam2 | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.7.2.4 |
| Running on/with | Platform Versions |
|---|---|
Intel Ethernet Network Controller E810 Cam1 | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.7.2.4 |
| Running on/with | Platform Versions |
|---|---|
Intel Ethernet Network Controller E810 Cam2 | All versions |
Related CWEs
CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.
CWE-421
Race Condition During Access to Alternate Channel
The product opens an alternate channel to communicate with an authorized user, but the channel is accessible to other actors.
References (4)
Source: secure@intel.com
Vendor Advisory
Source: secure@intel.com
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Timeline
No history available yet.