Vulnerability Description
On multiple SR-IOV cars it is possible for VF's assigned to guests to send ethernet flow control pause frames via the PF. This includes Linux kernel ixgbe driver before commit f079fa005aae08ee0e1bc32699874ff4f02e11c1, the Linux Kernel i40e/i40evf driver before e7358f54a3954df16d4f87e3cad35063f1c17de5 and the DPDK before commit 3f12b9f23b6499ff66ec8b0de941fb469297e5d0, additionally Multiple vendor NIC firmware is affected.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Intel | X710 Firmware | - |
| Intel | X710 | - |
| Intel | 82599 Firmware | - |
| Intel | 82599 | - |
| Intel | X540 Firmware | - |
| Intel | X540 | - |
| Intel | I350 Firmware | - |
| Intel | I350 | - |
| Intel | 82576 Firmware | - |
| Intel | 82576 | - |
| Linux | Linux Kernel Ixgbe | - |
| Linux | Linux Kernel I40E\/I40Evf | - |
| Dpdk | Dpdk | - |
Related Weaknesses (CWE)
References
- http://seclists.org/oss-sec/2015/q4/425Mailing ListPatchThird Party Advisory
- https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00046&languageiMitigationVendor Advisory
- https://www.usenix.org/system/files/conference/usenixsecurity15/sec15-paper-smolTechnical DescriptionThird Party Advisory
- http://seclists.org/oss-sec/2015/q4/425Mailing ListPatchThird Party Advisory
- https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00046&languageiMitigationVendor Advisory
- https://www.usenix.org/system/files/conference/usenixsecurity15/sec15-paper-smolTechnical DescriptionThird Party Advisory
FAQ
What is CVE-2015-1142857?
CVE-2015-1142857 is a vulnerability with a CVSS score of 8.6 (HIGH). On multiple SR-IOV cars it is possible for VF's assigned to guests to send ethernet flow control pause frames via the PF. This includes Linux kernel ixgbe driver before commit f079fa005aae08ee0e1bc326...
How severe is CVE-2015-1142857?
CVE-2015-1142857 has been rated HIGH with a CVSS base score of 8.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-1142857?
Check the references section above for vendor advisories and patch information. Affected products include: Intel X710 Firmware, Intel X710, Intel 82599 Firmware, Intel 82599, Intel X540 Firmware.