What is CVE-2023-28376?

CVE-2023-28376 is a medium-severity vulnerability in Intel Ethernet_network_adapter_e810-2cqda2, classified under Out-of-bounds Read. CVSS score: 6.5/10. Published 2023-11-14.

How severe is CVE-2023-28376?

Medium severity. CVSS v3 base score is 6.5 out of 10.

Out-of-bounds Read in Intel Ethernet_network_adapter_e810-2cqda2

CVE-2023-28376

Out-of-bounds read in the firmware for some Intel(R) E810 Ethernet Controllers and Adapters before version 1.7.1 may allow an unauthenticated user to potentially enable denial of service via adjacent access.

Vulnerability class: Buffer Overflow

EPSS: 0.004 (30.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.

Affected products

Intel Ethernet_network_adapter_e810-2cqda2
Intel Ethernet_network_adapter_e810-2cqda2_firmware
Intel Ethernet_network_adapter_e810-cqda1
Intel Ethernet_network_adapter_e810-cqda1_firmware
Intel Ethernet_network_adapter_e810-cqda1_for_ocp
Intel Ethernet_network_adapter_e810-cqda1_for_ocp_3.0
Intel Ethernet_network_adapter_e810-cqda1_for_ocp_3.0_firmware
Intel Ethernet_network_adapter_e810-cqda1_for_ocp_firmware
Intel Ethernet_network_adapter_e810-cqda2
Intel Ethernet_network_adapter_e810-cqda2_firmware

Weakness classification (CWE)

CWE-125 — Out-of-bounds Read

References

secure@intel.com (Vendor Advisory)
secure@intel.com

Frequently asked questions

What is CVE-2023-28376?: CVE-2023-28376 is a medium-severity vulnerability in Intel Ethernet_network_adapter_e810-2cqda2, classified under Out-of-bounds Read. CVSS score: 6.5/10. Published 2023-11-14.
How severe is CVE-2023-28376?: Medium severity. CVSS v3 base score is 6.5 out of 10.