Out-of-Bounds Write in Intel Ethernet Network Controllers and Adapters
CVE-2022-36382

6MEDIUM

Key Information:

Vendor: Intel
Status: Intel(r) Ethernet Network Controllers And Adapters E810 Series And Some Intel(r) Ethernet 700 Series Controllers And Adapters
Vendor: CVE Published:; 16 February 2023

What is CVE-2022-36382?

The vulnerability allows a privileged user to perform an out-of-bounds write in the firmware of specific Intel Ethernet Network Controllers and Adapters. If exploited, this may permit local access that potentially leads to denial of service, impacting network reliability and performance. The affected products include the E810 Series and 700 Series controllers and adapters, emphasizing the need for immediate firmware updates to mitigate risks.

Affected Version(s)

Intel(R) Ethernet Network Controllers and Adapters E810 Series and some Intel(R) Ethernet 700 Series Controllers and Adapters before version 1.7.0.8 and before version 9.101

References

http://www.intel.com/content/www/us/en/security-center/ad...

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 16, 2023
Vulnerability Reserved
Jul 24, 2022