Potential security vulnerabilities in some Intel® Ethernet Controllers and Adapters may allow denial of service. Intel is releasing firmware updates to mitigate these potential vulnerabilities.****
CVEID: CVE-2021-33126
Description: Improper access control in the firmware for some Intel® 700 and 722 Series Ethernet Controllers and Adapters before versions 8.5 and 1.5.5 may allow a privileged user to potentially enable denial of service via local access.
CVSS Base Score: 5.1 Medium
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H****
CVEID: CVE-2021-33128
Description: Improper access control in the firmware for some Intel® E810 Ethernet Controllers before version 1.6.0.6 may allow a privileged user to potentially enable denial of service via local access.
CVSS Base Score: 5.1 Medium
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H ****
CVEID: CVE-2022-28709
Description: Improper access control in the firmware for some Intel® E810 Ethernet Controllers before version 1.6.1.9 may allow a privileged user to potentially enable denial of service via local access.
CVSS Base Score: 4.1 Medium
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H****
Intel® 700 Series Ethernet Controllers and Adapters before version 8.5.
Firmware version, as reported by the device, corresponding to the release numbers above are:
Software Release Version 26.6: Device reports 8.5, NVM version 8.50.
Intel® 722 Series Ethernet Controllers and Adapters before version 1.5.5.
Intel® E810 Ethernet Controllers and Adapters before version 1.6.0.6.
Intel® E810 Ethernet Controllers and Adapters before version1.6.1.9
Intel recommends updating the firmware for impacted Intel® Ethernet Controllers and Adapters to the versions provided below or later.
Updates are available for download at this location:
<https://downloadcenter.intel.com/product/36773/Ethernet-Products>
The following issues were found internally by Intel employees. Intel would like to thank Dmitry Shvarts and Dmitry Tsimbler.
Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.