CVE-2015-1142857

Modified
Published: 23 Jan 2018, 14:00
Last modified: 16 Sept 2024, 20:26

Vulnerability Summary

Overall Risk (default)
medium
35/100
CVSS Score
8.6 HIGH
v3.0 (nvd)
EPSS Score
0.69% LOW
1% probability 0.00%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

23 Jan 2018, 14:00
Published
Vulnerability first disclosed
16 Sept 2024, 20:26
Last Modified
Vulnerability information updated

Description

On multiple SR-IOV cards it is possible for VFs assigned to guests to send Ethernet flow control pause frames via the PF. This includes the Linux kernel ixgbe driver before commit f079fa005aae08ee0e1bc32699874ff4f02e11c1, the Linux kernel i40e/i40evf driver before commit e7358f54a3954df16d4f87e3cad35063f1c17de5, and DPDK before commit 3f12b9f23b6499ff66ec8b0de941fb469297e5d0. Additionally, multiple vendor NIC firmware is affected.

CVSS Metrics

  • v3.0 HIGH, Score: 8.6, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
  • v2.0 MEDIUM, Score: 5, AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS Trends

Current EPSS score: 0.69% Percentile: 72%

Techniques & Countermeasures

  • CWE-254: 7PK - Security Features

    Software security is not security software. Here we're concerned with topics like authentication, access control, confidentiality, cryptography, and privilege management.

Affected Systems

  • dpdk dpdk

    na

  • intel 82576_firmware

    na

  • intel 82599_firmware

    na

  • intel i350_firmware

    na

  • intel x540_firmware

    na

  • intel x710_firmware

    na

  • linux linux_kernel_i40e/i40evf

    na

  • linux linux_kernel_ixgbe

    na

    na

References (3)