From: Moritz Muehlenhoff <jmm@inutil.org>
To: intel-wired-lan@osuosl.org
Subject: [Intel-wired-lan] Further information on CVE-2019-0145/CVE-2019-0146/CVE-2019-0147/CVE-2019-0148/CVE-2019-0149 for Linux?
Date: Thu, 16 Jul 2020 22:39:02 +0200 [thread overview]
Message-ID: <20200716203902.acn3ea2b4iorxlhq@inutil.org> (raw)
Hi,
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00255.html refers
to vulnerabilities in Intel Ethernet drivers and a few of them refer to the i40e driver
specifically:
CVEID: CVE-2019-0145
Description: Buffer overflow in i40e driver for Intel(R) Ethernet 700 Series Controllers
versions before 7.0 may allow an authenticated user to potentially enable an escalation
of privilege via local access.
CVEID: CVE-2019-0146
Description: Resource leak in i40e driver for Intel(R) Ethernet 700 Series Controllers
versions before 2.8.43 may allow an authenticated user to potentially enable a denial of
service via local access.
CVEID: CVE-2019-0147
Description: Insufficient input validation in i40e driver for Intel(R) Ethernet 700 Series
Controllers versions before 7.0 may allow an authenticated user to potentially enable a
denial of service via local access.
CVEID: CVE-2019-0148
Description: Resource leak in i40e driver for Intel(R) Ethernet 700 Series Controllers
versions before 7.0 may allow an authenticated use to potentially enable a denial of
service via local access.
CVEID: CVE-2019-0149
Description: Insufficient input validation in i40e driver for Intel(R) Ethernet 700
Series Controllers versions before 2.8.43 may allow an authenticated user to potentially
enable a denial of service via local access.
Is there any further information which commits fixed these and if so, were they submitted
to stable kernels? (The Debian kernels are based on 4.9.x and 4.19.x LTS kernels, so that
we can make sure these are addressed in stable/oldstable releases)
Cheers,
Moritz
next reply other threads:[~2020-07-16 20:39 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-07-16 20:39 Moritz Muehlenhoff [this message]
2020-07-28 18:10 ` [Intel-wired-lan] Further information on CVE-2019-0145/CVE-2019-0146/CVE-2019-0147/CVE-2019-0148/CVE-2019-0149 for Linux? Jesse Brandeburg
2020-08-02 21:04 ` Moritz =?unknown-8bit?q?M=C3=BChlenhoff?=
2020-08-10 18:47 ` Salvatore Bonaccorso
2020-08-10 21:59 ` Jesse Brandeburg
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200716203902.acn3ea2b4iorxlhq@inutil.org \
--to=jmm@inutil.org \
--cc=intel-wired-lan@osuosl.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.