Fixed
Created: Nov 14, 2019
Updated: Nov 20, 2019
Resolved Date: Nov 20, 2019
Found In Version: 10.19.45.1
Severity: Standard
Applicable for: Wind River Linux LTS 19
Component/s: Kernel
Buffer overflow in firmware for Intel(R) Ethernet 700 Series Controllers before version 7.0 may allow an unauthenticated user to potentially enable an escalation of privilege via an adjacent access.
CREATE(Triage):(User=admin) [CVE-2019-0140|https://nvd.nist.gov/vuln/detail/CVE-2019-0140]
This is a firmware issue that can only be resolved by firmware upgrading. Both newest firmware and tools used to upgrade it is released and maintained by Intel.
Intel released their NIC firmware package here:
[https://downloadcenter.intel.com/download/24769/Non-Volatile-Memory-NVM-Update-Utility-for-Intel-Ethernet-Network-Adapter-700-Series]
Till now, the newest version is V-7.1, for this very CVE issue, you can also choose V-7.0.
For the method to upgrade it, please refer to our Security Vulnerability Notice here:
[https://support2.windriver.com/index.php?page=security-notices&on=view&id=6719]
Section "Steps to upgrade firmware for Intel Ethernet 700 Series Controller".
