Fixed
Created: Nov 14, 2019
Updated: Nov 20, 2019
Resolved Date: Nov 20, 2019
Found In Version: 7.0.0.1
Severity: Standard
Applicable for: Wind River Linux 7
Component/s: Kernel
Insufficient access control in firmware Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow a privileged user to potentially enable a denial of service via local access.
CREATE(Triage):(User=admin) [CVE-2019-0150|https://nvd.nist.gov/vuln/detail/CVE-2019-0150]
This is a firmware issue that can only be resolved by firmware upgrading. Both newest firmware and tools used to upgrade it is released and maintained by Intel.
Intel released their NIC firmware package here:
[https://downloadcenter.intel.com/download/24769/Non-Volatile-Memory-NVM-Update-Utility-for-Intel-Ethernet-Network-Adapter-700-Series]
Till now, the newest version is V-7.1, for this very CVE issue, you can also choose V-7.0.
For the method to upgrade it, please refer to our Security Vulnerability Notice here:
[https://support2.windriver.com/index.php?page=security-notices&on=view&id=6719]
Section "Steps to upgrade firmware for Intel Ethernet 700 Series Controller".
