Details of VAR-202508-0992

ID

VAR-202508-0992

CVE

CVE-2025-24486

TITLE

Intel 700 Series Ethernet Input Validation Error Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2025-19265

DESCRIPTION

Improper input validation in the Linux kernel-mode driver for some Intel(R) 700 Series Ethernet before version 2.28.5 may allow an authenticated user to potentially enable escalation of privilege via local access. The Intel 700 Series Ethernet is a high-performance Ethernet controller family from Intel Corporation

Trust: 1.44

sources: NVD: CVE-2025-24486 // CNVD: CNVD-2025-19265

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-19265

AFFECTED PRODUCTS

vendor:

intel

model:

series ethernet

scope:

version:

700<2.28.5

Trust: 0.6

sources: CNVD: CNVD-2025-19265

CVSS

SEVERITY

CVSSV2

CVSSV3

secure@intel.com:	CVE-2025-24486
value:	HIGH
Trust: 1.0
CNVD:	CNVD-2025-19265
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2025-19265
severity:	MEDIUM
baseScore:	6.0
vectorString:	AV:L/AC:H/AU:S/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	HIGH
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	1.5
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

secure@intel.com:	CVE-2025-24486
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	HIGH
privilegesRequired:	LOW
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.1
impactScore:	6.0
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2025-19265 // NVD: CVE-2025-24486

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.0

sources: NVD: CVE-2025-24486

PATCH

title:

Patch for Intel 700 Series Ethernet Input Validation Error Vulnerability

url:

https://www.cnvd.org.cn/patchInfo/show/723006

Trust: 0.6

sources: CNVD: CNVD-2025-19265

EXTERNAL IDS

db:	NVD	id:	CVE-2025-24486	Trust: 1.6
db:	CNVD	id:	CNVD-2025-19265	Trust: 0.6

sources: CNVD: CNVD-2025-19265 // NVD: CVE-2025-24486

REFERENCES

url:	https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01335.html	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2025-24486	Trust: 0.6

sources: CNVD: CNVD-2025-19265 // NVD: CVE-2025-24486

SOURCES

db:	CNVD	id:	CNVD-2025-19265
db:	NVD	id:	CVE-2025-24486

LAST UPDATE DATE

2025-08-23T23:24:15.060000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-19265	date:	2025-08-22T00:00:00
db:	NVD	id:	CVE-2025-24486	date:	2025-08-13T17:34:12.350

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-19265	date:	2025-08-22T00:00:00
db:	NVD	id:	CVE-2025-24486	date:	2025-08-12T17:15:34.213