Vulnerabilities > CVE-2019-0139 - Unspecified vulnerability in Intel products

047910
CVSS 6.7 - MEDIUM
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
HIGH
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
local
low complexity
intel
nessus

Summary

Insufficient access control in firmware for Intel(R) Ethernet 700 Series Controllers before version 7.0 may allow a privileged user to potentially enable an escalation of privilege, denial of service, or information disclosure via local access.

Nessus

  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2020-0019.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : - KVM: x86: Remove spurious semicolon (Joao Martins) [Orabug: 31413782] - genirq: Use rcu in kstat_irqs_usr (Eric Dumazet) - genirq: Make sparse_irq_lock protect what it should protect (Thomas Gleixner) [Orabug: 30953676] - genirq: Free irq_desc with rcu (Thomas Gleixner) [Orabug: 30953676] - qla2xxx: Update driver version to 9.00.00.00.42.0-k1-v2 (Arun Easi) [Orabug: 30372266] - qla2xxx: Fix device discovery when FCP2 device is lost. (Arun Easi) [Orabug: 30372266] - brcmfmac: add subtype check for event handling in data path (John Donnelly) [Orabug: 30776354] (CVE-2019-9503) - percpu-refcount: fix reference leak during percpu-atomic transition (Douglas Miller) [Orabug: 30867060] - blk-mq: Allow timeouts to run while queue is freezing (Gabriel Krisman Bertazi) [Orabug: 30867060] - fs/dcache.c: fix spin lockup issue on nlru->lock (Junxiao Bi) [Orabug: 30953290] - jbd2: disable CONFIG_JBD2_DEBUG (Junxiao Bi) [Orabug: 31234664] - mwifiex: pcie: Fix memory leak in mwifiex_pcie_alloc_cmdrsp_buf (Navid Emamdoost) [Orabug: 31246302] (CVE-2019-19056) - drm/vmwgfx: limit the number of mip levels in vmw_gb_surface_define_ioctl (Vladis Dronov) [Orabug: 31262557] (CVE-2017-7346) - i40e: Increment the driver version for FW API update (Jack Vogel) [Orabug: 31051191] (CVE-2019-0140) (CVE-2019-0139) (CVE-2019-0144) - i40e: Update FW API version to 1.9 (Piotr Azarewicz) [Orabug: 31051191] (CVE-2019-0140) (CVE-2019-0139) (CVE-2019-0144) - i40e: Changed maximum supported FW API version to 1.8 (Adam Ludkiewicz) [Orabug: 31051191] (CVE-2019-0140) (CVE-2019-0139) (CVE-2019-0144) - i40e: Stop dropping 802.1ad tags - eth proto 0x88a8 (Scott Peterson) [Orabug: 31051191] (CVE-2019-0140) (CVE-2019-0139) (CVE-2019-0144) - i40e: fix reading LLDP configuration (Mariusz Stachura) [Orabug: 31051191] (CVE-2019-0140) (CVE-2019-0139) (CVE-2019-0144) - i40e: Add capability flag for stopping FW LLDP (Krzysztof Galazka) [Orabug: 31051191] (CVE-2019-0140) (CVE-2019-0139) (CVE-2019-0144) - i40e: refactor FW version checking (Mitch Williams) [Orabug: 31051191] (CVE-2019-0140) (CVE-2019-0139) (CVE-2019-0144) - i40e: shutdown all IRQs and disable MSI-X when suspended (Jacob Keller) [Orabug: 31051191] (CVE-2019-0140) (CVE-2019-0139) (CVE-2019-0144) - i40e: prevent service task from running while we
    last seen2020-06-10
    modified2020-06-04
    plugin id137128
    published2020-06-04
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/137128
    titleOracleVM 3.4 : Unbreakable / etc (OVMSA-2020-0019)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2020-5670.NASL
    descriptionDescription of changes: [4.1.12-124.39.1.el7uek] - qla2xxx: Update driver version to 9.00.00.00.42.0-k1-v2 (Arun Easi) [Orabug: 30372266] - qla2xxx: Fix device discovery when FCP2 device is lost. (Arun Easi) [Orabug: 30372266] - brcmfmac: add subtype check for event handling in data path (John Donnelly) [Orabug: 30776354] {CVE-2019-9503} - percpu-refcount: fix reference leak during percpu-atomic transition (Douglas Miller) [Orabug: 30867060] - blk-mq: Allow timeouts to run while queue is freezing (Gabriel Krisman Bertazi) [Orabug: 30867060] - fs/dcache.c: fix spin lockup issue on nlru->lock (Junxiao Bi) [Orabug: 30953290] - jbd2: disable CONFIG_JBD2_DEBUG (Junxiao Bi) [Orabug: 31234664] - mwifiex: pcie: Fix memory leak in mwifiex_pcie_alloc_cmdrsp_buf (Navid Emamdoost) [Orabug: 31246302] {CVE-2019-19056} - drm/vmwgfx: limit the number of mip levels in vmw_gb_surface_define_ioctl() (Vladis Dronov) [Orabug: 31262557] {CVE-2017-7346} [4.1.12-124.38.5.el7uek] - i40e: Increment the driver version for FW API update (Jack Vogel) [Orabug: 31051191] {CVE-2019-0140} {CVE-2019-0139} {CVE-2019-0144} - i40e: Update FW API version to 1.9 (Piotr Azarewicz) [Orabug: 31051191] {CVE-2019-0140} {CVE-2019-0139} {CVE-2019-0144} - i40e: Changed maximum supported FW API version to 1.8 (Adam Ludkiewicz) [Orabug: 31051191] {CVE-2019-0140} {CVE-2019-0139} {CVE-2019-0144} - i40e: Stop dropping 802.1ad tags - eth proto 0x88a8 (Scott Peterson) [Orabug: 31051191] {CVE-2019-0140} {CVE-2019-0139} {CVE-2019-0144} - i40e: fix reading LLDP configuration (Mariusz Stachura) [Orabug: 31051191] {CVE-2019-0140} {CVE-2019-0139} {CVE-2019-0144} - i40e: Add capability flag for stopping FW LLDP (Krzysztof Galazka) [Orabug: 31051191] {CVE-2019-0140} {CVE-2019-0139} {CVE-2019-0144} - i40e: refactor FW version checking (Mitch Williams) [Orabug: 31051191] {CVE-2019-0140} {CVE-2019-0139} {CVE-2019-0144} - i40e: shutdown all IRQs and disable MSI-X when suspended (Jacob Keller) [Orabug: 31051191] {CVE-2019-0140} {CVE-2019-0139} {CVE-2019-0144} - i40e: prevent service task from running while we
    last seen2020-05-12
    modified2020-05-07
    plugin id136388
    published2020-05-07
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/136388
    titleOracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2020-5670)