VARIoT IoT vulnerabilities database

Resource leak in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable a denial of service via local access. Intel(R) Ethernet 700 Series Controller Contains a resource exhaustion vulnerability.Denial of service (DoS) May be in a state. Intel Ethernet 700 Series Controllers is a network adapter product from Intel Corporation. An attacker could exploit this vulnerability to cause a denial of service. This vulnerability stems from improper management of system resources (such as memory, disk space, files, etc.) by network systems or products. ========================================================================== Ubuntu Security Notice USN-4681-1 January 06, 2021 linux, linux-aws, linux-kvm, linux-lts-xenial, linux-raspi2, linux-snapdragon vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 LTS - Ubuntu 14.04 ESM Summary: Several security issues were fixed in the Linux kernel. Software Description: - linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services (AWS) systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi (V8) systems - linux-snapdragon: Linux kernel for Qualcomm Snapdragon processors - linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Details: Ryan Hall discovered that the Intel 700 Series Ethernet Controllers driver in the Linux kernel did not properly deallocate memory in some conditions. (CVE-2019-0148) It was discovered that the console keyboard driver in the Linux kernel contained a race condition. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2020-25656) Minh Yuan discovered that the tty driver in the Linux kernel contained race conditions when handling fonts. A local attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2020-25668) Jinoh Kang discovered that the Xen event channel infrastructure in the Linux kernel contained a race condition. (CVE-2020-27675) Minh Yuan discovered that the framebuffer console driver in the Linux kernel did not properly handle fonts in some conditions. (CVE-2020-28974) It was discovered that Power 9 processors could be coerced to expose information from the L1 cache in certain situations. A local attacker could use this to expose sensitive information. (CVE-2020-4788) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS: linux-image-4.4.0-1085-kvm 4.4.0-1085.94 linux-image-4.4.0-1119-aws 4.4.0-1119.133 linux-image-4.4.0-1143-raspi2 4.4.0-1143.153 linux-image-4.4.0-1147-snapdragon 4.4.0-1147.157 linux-image-4.4.0-198-generic 4.4.0-198.230 linux-image-4.4.0-198-generic-lpae 4.4.0-198.230 linux-image-4.4.0-198-lowlatency 4.4.0-198.230 linux-image-4.4.0-198-powerpc-e500mc 4.4.0-198.230 linux-image-4.4.0-198-powerpc-smp 4.4.0-198.230 linux-image-4.4.0-198-powerpc64-emb 4.4.0-198.230 linux-image-4.4.0-198-powerpc64-smp 4.4.0-198.230 linux-image-aws 4.4.0.1119.124 linux-image-generic 4.4.0.198.204 linux-image-generic-lpae 4.4.0.198.204 linux-image-kvm 4.4.0.1085.83 linux-image-lowlatency 4.4.0.198.204 linux-image-powerpc-e500mc 4.4.0.198.204 linux-image-powerpc-smp 4.4.0.198.204 linux-image-powerpc64-emb 4.4.0.198.204 linux-image-powerpc64-smp 4.4.0.198.204 linux-image-raspi2 4.4.0.1143.143 linux-image-snapdragon 4.4.0.1147.139 linux-image-virtual 4.4.0.198.204 Ubuntu 14.04 ESM: linux-image-4.4.0-1083-aws 4.4.0-1083.87 linux-image-4.4.0-198-generic 4.4.0-198.230~14.04.1 linux-image-4.4.0-198-generic-lpae 4.4.0-198.230~14.04.1 linux-image-4.4.0-198-lowlatency 4.4.0-198.230~14.04.1 linux-image-4.4.0-198-powerpc-e500mc 4.4.0-198.230~14.04.1 linux-image-4.4.0-198-powerpc-smp 4.4.0-198.230~14.04.1 linux-image-4.4.0-198-powerpc64-emb 4.4.0-198.230~14.04.1 linux-image-4.4.0-198-powerpc64-smp 4.4.0-198.230~14.04.1 linux-image-aws 4.4.0.1083.80 linux-image-generic-lpae-lts-xenial 4.4.0.198.173 linux-image-generic-lts-xenial 4.4.0.198.173 linux-image-lowlatency-lts-xenial 4.4.0.198.173 linux-image-powerpc-e500mc-lts-xenial 4.4.0.198.173 linux-image-powerpc-smp-lts-xenial 4.4.0.198.173 linux-image-powerpc64-emb-lts-xenial 4.4.0.198.173 linux-image-powerpc64-smp-lts-xenial 4.4.0.198.173 linux-image-virtual-lts-xenial 4.4.0.198.173 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. References: https://usn.ubuntu.com/4681-1 CVE-2019-0148, CVE-2020-25656, CVE-2020-25668, CVE-2020-27675, CVE-2020-28974, CVE-2020-4788 Package Information: https://launchpad.net/ubuntu/+source/linux/4.4.0-198.230 https://launchpad.net/ubuntu/+source/linux-aws/4.4.0-1119.133 https://launchpad.net/ubuntu/+source/linux-kvm/4.4.0-1085.94 https://launchpad.net/ubuntu/+source/linux-raspi2/4.4.0-1143.153 https://launchpad.net/ubuntu/+source/linux-snapdragon/4.4.0-1147.157

A potential vulnerability in the SMI callback function used in the Legacy USB driver using boot services structure in runtime phase in some Lenovo ThinkPad models may allow arbitrary code execution. plural Lenovo ThinkPad The product contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Lenovo 510 15IKL, etc. are all products of Lenovo of China. Lenovo 510 15IKL is a desktop computer. IdeaCentre 300-20ISH is a computer integrated device. IdeaCentre 510-15ICB is a computer all-in-one device. Input validation error vulnerabilities exist in many Lenovo ThinkPad products. Attackers can use this vulnerability to execute arbitrary code

Buffer overflow in firmware for Intel(R) Ethernet 700 Series Controllers before version 7.0 may allow an unauthenticated user to potentially enable an escalation of privilege via an adjacent access. Intel(R) Ethernet 700 Series Controller Contains a classic buffer overflow vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Intel Ethernet 700 Series Controllers is a network adapter product from Intel Corporation. An attacker could use this vulnerability to achieve privilege elevation

Resource leak in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 2.8.43 may allow an authenticated user to potentially enable a denial of service via local access. Intel(R) Ethernet 700 Series Controller Contains a resource exhaustion vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. IIntel Ethernet 700 Series Controllers are network adapter products from Intel Corporation. An attacker could exploit the vulnerability to cause a denial of service. This vulnerability stems from improper management of system resources (such as memory, disk space, files, etc.) by network systems or products

Insufficient input validation in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 2.8.43 may allow an authenticated user to potentially enable a denial of service via local access. Intel(R) Ethernet 700 Series Controller Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Intel Ethernet 700 Series Controllers are network adapter products from Intel Corporation. The vulnerability stems from insufficient input validation for the i40e driver. An attacker could exploit the vulnerability to cause a denial of service

Buffer overflow in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable an escalation of privilege via local access. Intel Ethernet 700 Series Controllers is a network adapter product from Intel Corporation. An attacker could use this vulnerability to achieve privilege elevation

The BIOS tamper detection mechanism was not triggered in Lenovo ThinkPad T460p, BIOS versions up to R07ET90W, and T470p, BIOS versions up to R0FET50W, which may allow for unauthorized access. plural Lenovo The product contains an unauthorized authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Lenovo ThinkPad T460p and Lenovo ThinkPad T470p are both notebook computers of China Lenovo (Lenovo). There is a security vulnerability in Lenovo ThinkPad T460p and T470p. The vulnerability stems from the program's failure to trigger a BIOS tamper check mechanism. Attackers can use this vulnerability to gain unauthorized access

An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. SCALANCE S firewall is used to protect trusted industrial networks from untrusted networks. There is a denial of service vulnerability in the SIEMENS SCALAN CES-600 family. An attacker could use the vulnerability to send packets to the affected device's 443 / tcp port, resulting in a denial of service situation

Insufficient input validation in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable a denial of service via local access. Intel(R) Ethernet 700 Series Controller Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Intel Ethernet 700 Series Controllers is a network adapter product from Intel Corporation. A denial of service vulnerability exists in Intel Ethernet 700 Series Controllers prior to 7.0. The vulnerability stems from insufficient input validation of the controller's i40e driver. An attacker could exploit this vulnerability to cause a denial of service

Insufficient access control in ilp60x64.sys driver for Intel(R) Ethernet 700 Series Controllers before version 1.33.0.0 may allow a privileged user to potentially enable escalation of privilege via local access. Intel(R) Ethernet 700 Series Controller Contains a privilege management vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Intel Ethernet 700 Series Controllers are network adapter products from Intel Corporation. An attacker could exploit this vulnerability to achieve privilege escalation

A vulnerability has been identified in SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU family < V4.x (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU family V4.x (incl. SIPLUS variants) (All versions with Function State (FS) < 11), SIMATIC S7-200 SMART CPU CR20s (6ES7 288-1CR20-0AA1) (All versions <= V2.3.0 and Function State (FS) <= 3), SIMATIC S7-200 SMART CPU CR30s (6ES7 288-1CR30-0AA1) (All versions <= V2.3.0 and Function State (FS) <= 3), SIMATIC S7-200 SMART CPU CR40 (6ES7 288-1CR40-0AA0) (All versions <= V2.2.2 and Function State (FS) <= 8), SIMATIC S7-200 SMART CPU CR40s (6ES7 288-1CR40-0AA1) (All versions <= V2.3.0 and Function State (FS) <= 3), SIMATIC S7-200 SMART CPU CR60 (6ES7 288-1CR60-0AA0) (All versions <= V2.2.2 and Function State (FS) <= 10), SIMATIC S7-200 SMART CPU CR60s (6ES7 288-1CR60-0AA1) (All versions <= V2.3.0 and Function State (FS) <= 3), SIMATIC S7-200 SMART CPU SR20 (6ES7 288-1SR20-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 11), SIMATIC S7-200 SMART CPU SR30 (6ES7 288-1SR30-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 10), SIMATIC S7-200 SMART CPU SR40 (6ES7 288-1SR40-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 10), SIMATIC S7-200 SMART CPU SR60 (6ES7 288-1SR60-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 12), SIMATIC S7-200 SMART CPU ST20 (6ES7 288-1ST20-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 9), SIMATIC S7-200 SMART CPU ST30 (6ES7 288-1ST30-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 9), SIMATIC S7-200 SMART CPU ST40 (6ES7 288-1ST40-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 8), SIMATIC S7-200 SMART CPU ST60 (6ES7 288-1ST60-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 8), SIMATIC S7-200 SMART CPU family (All versions). There is an access mode used during manufacturing of the affected devices that allows additional diagnostic functionality. The security vulnerability could be exploited by an attacker with physical access to the UART interface during boot process. SIMATIC S7-1200 CPU family and S7-200 SMART CPU family Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Siemens SIMATIC S7-1200 CPU family products are designed for discrete and continuous control in industrial environments such as manufacturing, food and beverage, and chemical industries. A security hole exists in the Siemens SIMATIC S7-1200 CPU. At the time of advisory publication no public exploitation of this security vulnerability was known

Insufficient access control in firmware Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow a privileged user to potentially enable a denial of service via local access. Intel(R) Ethernet 700 Series Controller Contains an unauthorized authentication vulnerability.Tampering with information and disrupting service operations (DoS) There is a possibility of being put into a state. Intel Ethernet 700 Series Controllers is a network adapter product from Intel Corporation. An attacker could exploit this vulnerability to cause a denial of service

Unhandled exception in Kernel-mode drivers for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable a denial of service via local access. Intel(R) Ethernet 700 Series Controller Contains a vulnerability in handling exceptional conditions.Service operation interruption (DoS) There is a possibility of being put into a state. Intel Ethernet 700 Series Controllers is a network adapter product from Intel Corporation. An attacker could exploit this vulnerability to cause a denial of service

Insufficient input validation in MEInfo software for Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow an authenticated user to potentially enable escalation of privilege via local access. Intel(R) CSME and Intel(R) TXE Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Both Intel Converged Security and Management Engine (CSME) and Intel TXE are products of Intel Corporation of the United States. Intel Converged Security and Management Engine is a security management engine. Intel TXE is a trusted execution engine with hardware authentication function used in CPU (Central Processing Unit). A security vulnerability exists in the MEInfo software in Intel CSME and Intel TXE due to insufficient input validation. A local attacker could exploit this vulnerability to elevate privileges. The following products and versions are affected: Intel CSME before 11.8.70, before 11.11.70, before 11.22.70, before 12.0.45, before 13.0.10, before 14.0.10; Intel TXE 3.1.70 Previous versions, versions before 4.0.20

Insufficient access control in firmware for Intel(R) Ethernet 700 Series Controllers before version 7.0 may allow a privileged user to potentially enable an escalation of privilege, denial of service, or information disclosure via local access. Intel(R) Ethernet 700 Series Controller Contains a privilege management vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Intel Ethernet 700 Series Controllers is a network adapter product from Intel Corporation. An attacker could use this vulnerability to elevate privileges, cause a denial of service, or obtain information

Cryptographic timing conditions in the subsystem for Intel(R) PTT before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.0 and 14.0.10; Intel(R) TXE 3.1.70 and 4.0.20; Intel(R) SPS before versions SPS_E5_04.01.04.305.0, SPS_SoC-X_04.00.04.108.0, SPS_SoC-A_04.00.04.191.0, SPS_E3_04.01.04.086.0, SPS_E3_04.08.04.047.0 may allow an unauthenticated user to potentially enable information disclosure via network access. Intel(R) PTT , TXE , SPS Contains a race condition vulnerability.Information may be obtained. Intel Server Platform Services (SPS) and others are products of Intel Corporation of the United States. Intel Server Platform Services is a server platform service program. Intel TXE is a trusted execution engine with hardware authentication function used in CPU (Central Processing Unit). Intel Platform Trust Technology (PTT) is an Intel platform trusted technology, mainly used for key management (key encryption and storage) and security authentication. Security vulnerabilities exist in subsystems in Intel PTT, Intel TXE, and Intel SPS. An attacker could exploit this vulnerability to disclose information. The following products and versions are affected: Intel PTT before 11.8.70, before 11.11.70, before 11.22.70, before 12.0.45, before 13.0.0, before 14.0.10; Intel TXE 3.1.70 Version, version 4.0.20; Intel SPS version before SPS_E5_04.01.04.305.0, version before SPS_SoC-X_04.00.04.108.0, version before SPS_SoC-A_04.00.04.191.0, version before SPS_E3_04.01.04.086.0, version before SPS_E3_04.08.04.0 previous version

Insufficient input validation in Intel(R) DAL software for Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow a privileged user to potentially enable information disclosure via local access. Intel(R) DAL software, Intel(R) CSME , Intel(R) TXE Contains an input validation vulnerability.Information may be obtained. Both Intel Converged Security and Management Engine (CSME) and Intel TXE are products of Intel Corporation of the United States. Intel Converged Security and Management Engine is a security management engine. Intel TXE is a trusted execution engine with hardware authentication function used in CPU (Central Processing Unit). Intel DAL is one of the dynamic application loaders. A local attacker could exploit this vulnerability to disclose information. The following products and versions are affected: Intel CSME before 11.8.70, before 11.11.70, before 11.22.70, before 12.0.45, before 13.0.10, before 14.0.10; Intel TXE 3.1.70 Previous versions, versions before 4.0.20

Insufficient session validation in the subsystem for Intel(R) CSME before versions 11.8.70, 12.0.45, 13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow a privileged user to potentially enable escalation of privilege via local access. Intel(R) CSME and Intel(R) TXE Contains a session expiration vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Both Intel Converged Security and Management Engine (CSME) and Intel TXE are products of Intel Corporation of the United States. Intel Converged Security and Management Engine is a security management engine. Intel TXE is a trusted execution engine with hardware authentication function used in CPU (Central Processing Unit). A security vulnerability exists in a subsystem in Intel CSME and Intel TXE due to the program's insufficient authentication of sessions. A local attacker could exploit this vulnerability to elevate privileges. The following products and versions are affected: Intel CSME before 11.8.70, before 12.0.45, before 13.0.10, before 14.0.10; Intel TXE before 3.1.70, before 4.0.20

Improper directory permissions in the installer for Intel(R) Management Engine Consumer Driver for Windows before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45,13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow an authenticated user to potentially enable escalation of privilege via local access. Intel(R) Management Engine Consumer Drivers and TXE Contains a vulnerability with inappropriate default permissions.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Both Intel TXE and Intel Management Engine Consumer Driver are products of Intel Corporation of the United States. Intel TXE is a trusted execution engine with hardware authentication function used in CPU (Central Processing Unit). Intel Management Engine Consumer Driver is a management engine Consumer driver. A security vulnerability exists in the installer of Intel TXE and the Intel Management Engine Consumer Driver for Windows-based platforms. A local attacker could exploit this vulnerability to elevate privileges. The following products and versions are affected: Intel Management Engine Consumer Driver prior to 11.8.70, prior to 11.11.70, prior to 11.22.70, prior to 12.0.45, prior to 13.0.10, prior to 14.0.10; Intel TXE Versions before 3.1.70 and versions before 4.0.20

Insufficient input validation in subsystem for Intel(R) AMT before version 12.0.45 may allow an unauthenticated user to potentially enable escalation of privilege via physical access. Intel(R) AMT Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Intel Active Management Technology (AMT) is a set of hardware-based computer remote active management technology software developed by Intel Corporation. An attacker in physical proximity could exploit this vulnerability to elevate privileges