Vulnerability Description
Insufficient access control in some Intel(R) Ethernet E810 Adapter drivers for Linux before version 1.0.4 may allow an authenticated user to potentially enable information disclosure via local access.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Intel | Ethernet Network Adapter E810 Firmware | < 1.0.4 |
| Intel | Ethernet Network Adapter E810-Cqda1 | - |
| Intel | Ethernet Network Adapter E810-Cqda1 For Ocp | - |
| Intel | Ethernet Network Adapter E810-Cqda1 For Ocp 3.0 | - |
| Intel | Ethernet Network Adapter E810-Cqda2 | - |
| Intel | Ethernet Network Adapter E810-Cqda2 For Ocp 3.0 | - |
| Intel | Ethernet Network Adapter E810-Xxvda2 | - |
| Intel | Ethernet Network Adapter E810-Xxvda2 For Ocp | - |
| Intel | Ethernet Network Adapter E810-Xxvda2 For Ocp 3.0 | - |
| Intel | Ethernet Network Adapter E810-Xxvda4 | - |
References
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00462.PatchVendor Advisory
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00462.PatchVendor Advisory
FAQ
What is CVE-2020-24503?
CVE-2020-24503 is a vulnerability with a CVSS score of 5.5 (MEDIUM). Insufficient access control in some Intel(R) Ethernet E810 Adapter drivers for Linux before version 1.0.4 may allow an authenticated user to potentially enable information disclosure via local access.
How severe is CVE-2020-24503?
CVE-2020-24503 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-24503?
Check the references section above for vendor advisories and patch information. Affected products include: Intel Ethernet Network Adapter E810 Firmware, Intel Ethernet Network Adapter E810-Cqda1, Intel Ethernet Network Adapter E810-Cqda1 For Ocp, Intel Ethernet Network Adapter E810-Cqda1 For Ocp 3.0, Intel Ethernet Network Adapter E810-Cqda2.