Sign-up

ID

VAR-201801-0068


CVE

CVE-2015-1142857


TITLE

From multiple vendors NIC Firmware Linux kernel ixgbe Vulnerabilities related to security functions in drivers, etc.

Trust: 0.8

sources: JVNDB: JVNDB-2015-008103

DESCRIPTION

On multiple SR-IOV cars it is possible for VF's assigned to guests to send ethernet flow control pause frames via the PF. This includes Linux kernel ixgbe driver before commit f079fa005aae08ee0e1bc32699874ff4f02e11c1, the Linux Kernel i40e/i40evf driver before e7358f54a3954df16d4f87e3cad35063f1c17de5 and the DPDK before commit 3f12b9f23b6499ff66ec8b0de941fb469297e5d0, additionally Multiple vendor NIC firmware is affected. The Linux kernel is the kernel used by the operating system Linux released by the American Linux Foundation. Linux kernel ixgbe driver and i40e/i40evf driver are the network card drivers; DPDK is one of the data plane development kits. Security vulnerabilities exist in several products. An attacker could exploit this vulnerability to control the throughput and latency of other virtual machines

Trust: 1.71

sources: NVD: CVE-2015-1142857 // JVNDB: JVNDB-2015-008103 // VULHUB: VHN-79103

AFFECTED PRODUCTS

vendor:dpdkmodel:dpdkscope:eqversion: -

Trust: 1.6

vendor:intelmodel:x540scope:eqversion: -

Trust: 1.0

vendor:linuxmodel:kernel ixgbescope:eqversion: -

Trust: 1.0

vendor:linuxmodel:kernel i40e\/i40evfscope:eqversion: -

Trust: 1.0

vendor:intelmodel:82599scope:eqversion: -

Trust: 1.0

vendor:intelmodel:x710scope:eqversion: -

Trust: 1.0

vendor:intelmodel:i350scope:eqversion: -

Trust: 1.0

vendor:intelmodel:82576scope:eqversion: -

Trust: 1.0

vendor:dpdkmodel:dpdkscope:ltversion:commit 3f12b9f23b6499ff66ec8b0de941fb469297e5d0

Trust: 0.8

vendor:linuxmodel:i40e/i40evfscope:ltversion:commit e7358f54a3954df16d4f87e3cad35063f1c17de5

Trust: 0.8

vendor:linuxmodel:ixgbescope:ltversion:commit f079fa005aae08ee0e1bc32699874ff4f02e11c1

Trust: 0.8

vendor:intelmodel:10g 82599 ethernet controllerscope: - version: -

Trust: 0.8

vendor:intelmodel:82576 gigabit ethernet controllerscope: - version: -

Trust: 0.8

vendor:intelmodel:ethernet controller i350scope: - version: -

Trust: 0.8

vendor:intelmodel:ethernet controller x540scope: - version: -

Trust: 0.8

vendor:intelmodel:ethernet controller x710scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2015-008103 // CNNVD: CNNVD-201801-890 // NVD: CVE-2015-1142857

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-1142857
value: HIGH

Trust: 1.0

NVD: CVE-2015-1142857
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201801-890
value: MEDIUM

Trust: 0.6

VULHUB: VHN-79103
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-1142857
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-79103
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2015-1142857
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 4.0
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-79103 // JVNDB: JVNDB-2015-008103 // CNNVD: CNNVD-201801-890 // NVD: CVE-2015-1142857

PROBLEMTYPE DATA

problemtype:CWE-254

Trust: 1.9

sources: VULHUB: VHN-79103 // JVNDB: JVNDB-2015-008103 // NVD: CVE-2015-1142857

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201801-890

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201801-890

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-008103

PATCH
title:Top PageIurl:http://dpdk.org/
Trust: 0.8
title:INTEL-SA-00046url:https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00046&languageid=en-fr
Trust: 0.8
title:SysTutorials: i40e/i40evfurl:https://www.systutorials.com/linux-kernels/tag/i40e-i40evf/
Trust: 0.8
title:Various product security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=78042
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2015-008103 // 
            
            
            
            CNNVD: CNNVD-201801-890

EXTERNAL IDS
db:NVDid:CVE-2015-1142857
Trust: 2.5
db:JVNDBid:JVNDB-2015-008103
Trust: 0.8
db:CNNVDid:CNNVD-201801-890
Trust: 0.7
db:VULHUBid:VHN-79103
Trust: 0.1
sources:
            
            
            VULHUB: VHN-79103 // 
            
            
            
            JVNDB: JVNDB-2015-008103 // 
            
            
            
            CNNVD: CNNVD-201801-890 // 
            
            
            
            NVD: CVE-2015-1142857

REFERENCES
url:https://www.usenix.org/system/files/conference/usenixsecurity15/sec15-paper-smolyar.pdf
Trust: 1.7
url:http://seclists.org/oss-sec/2015/q4/425
Trust: 1.7
url:https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00046&languageid=en-fr
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1142857
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2015-1142857
Trust: 0.8
url:https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00046&languageid=en-fr
Trust: 0.1
sources:
            
            
            VULHUB: VHN-79103 // 
            
            
            
            JVNDB: JVNDB-2015-008103 // 
            
            
            
            CNNVD: CNNVD-201801-890 // 
            
            
            
            NVD: CVE-2015-1142857

SOURCES
db:VULHUBid:VHN-79103
db:JVNDBid:JVNDB-2015-008103
db:CNNVDid:CNNVD-201801-890
db:NVDid:CVE-2015-1142857

LAST UPDATE DATE
2024-11-23T22:52:14.493000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-79103date:2018-02-15T00:00:00
db:JVNDBid:JVNDB-2015-008103date:2018-03-05T00:00:00
db:CNNVDid:CNNVD-201801-890date:2018-01-25T00:00:00
db:NVDid:CVE-2015-1142857date:2024-11-21T02:24:27.960

SOURCES RELEASE DATE
db:VULHUBid:VHN-79103date:2018-01-23T00:00:00
db:JVNDBid:JVNDB-2015-008103date:2018-03-05T00:00:00
db:CNNVDid:CNNVD-201801-890date:2018-01-24T00:00:00
db:NVDid:CVE-2015-1142857date:2018-01-23T14:29:00.220