CVE-2024-23497

Vulnerability

An out-of-bounds write vulnerability exists in the Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters before version 28.3. This flaw affects systems using affected Intel Ethernet devices with driver versions prior to 28.3. The vulnerability is triggered when the driver handles certain commands with insufficient bounds checking, leading to a write beyond allocated memory. [1]

Exploitation

An attacker must have authenticated access to the local system and the ability to issue specific commands to the affected network driver. The exploitation involves sending crafted input to the driver that causes an out-of-bounds write operation. No user interaction beyond authentication is required. [1]

Impact

Successful exploitation allows an attacker to escalate privileges on the local system, potentially gaining elevated execution privileges. The out-of-bounds write can lead to memory corruption that an attacker may leverage to achieve higher-privileged code execution. [1]

Mitigation

The vulnerability is fixed in Intel Ethernet driver version 28.3. Users should update to this version or later via the Intel Download Center or their distribution's package management. No workarounds are documented. [1]