Ethernet Products
Determine ramifications of Intel® Ethernet products and technologies
5286 Discussions

CVE-2015-2291 Intel Network Adapter Diagnostic Driver IOCTL DoS

JLang10
Beginner
10,028 Views

A vulnerability in iqvw32.sys and iqvw64e.sys drivers has been discovered in the Intel Network Adapter Driver. Intel Network Adapter Diagnostic Driver is prone to multiple local buffer-overflow vulnerabilities.

An attacker can exploit these issues to crash the affected application; denying service to legitimate users. Due to the nature of this issue, code-execution may be possible but this has not been confirmed.

Note: This issue was previously titled 'Intel Network Adapter Diagnostic Driver CVE-2015-2291 Multiple Remote Code Execution Vulnerabilities'. The title and technical details have been changed to better reflect the underlying component affected.

When will a vendor-supplied patch be available?

Joel

0 Kudos
6 Replies
Allan_J_Intel1
Employee
9,025 Views

I have moved your post to our Networking department

Allan.

0 Kudos
st4
New Contributor III
9,025 Views

Hi langejoel,

Thank you for bringing this matter to our attention. We will need to check on this.

rgds,

wb

0 Kudos
JLang10
Beginner
9,025 Views

wb,

Any news about how to remediate this vulnerability? Thank you for looking into this.

Joel

0 Kudos
JLang10
Beginner
9,025 Views

Thank you Mark, I will have our patch group test this solution out hopefully soon. When we see resolution I will post to the site and mark your solution as the Answer.

Thank you for responding to my second inquiry so soon.

jL

 

0 Kudos
idata
Employee
9,025 Views

That download will not work on my HP servers.

Any other ideas/suggestions?

I have the latest and greatest NIC driver and firmware installed but still getting flagged with this vulnerability.

0 Kudos
Reply