CVE-2024-23497

8.8 HIGH

📋 TL;DR

An out-of-bounds write vulnerability in Intel Ethernet Network Controller drivers allows authenticated local users to write beyond allocated memory boundaries. This could enable privilege escalation on affected Linux systems. The vulnerability affects systems using specific Intel Ethernet hardware with vulnerable driver versions.

💻 Affected Systems

Products:
  • Intel Ethernet Network Controllers and Adapters
Versions: Driver versions before 28.3
Operating Systems: Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Requires Intel Ethernet hardware with vulnerable driver. Systems without Intel Ethernet adapters are not affected.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise via local privilege escalation to root, potentially leading to complete control of the affected system.

🟠 Likely Case

Local privilege escalation allowing authenticated users to gain elevated privileges on the system.

🟢 If Mitigated

Limited impact if proper access controls restrict local user accounts and driver loading is controlled.

🌐 Internet-Facing: LOW - Requires local access and authentication, not directly exploitable over network.
🏢 Internal Only: HIGH - Authenticated local users can potentially exploit this to gain root privileges on affected systems.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local authenticated access and knowledge of driver exploitation techniques. No public exploit code known at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 28.3 or later

Vendor Advisory: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00918.html

Restart Required: Yes

Instructions:

1. Check current driver version.
2. Update to Intel Ethernet driver version 28.3 or later.
3. Reboot system to load new driver.

🔧 Temporary Workarounds

Restrict driver loading

linux

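Prevent loading of vulnerable Intel Ethernet drivers via kernel module blacklisting. Interfaces that depend on a blacklisted driver lose connectivity, so confirm which driver each interface uses before applying this.

# Run as root. A blacklist entry stops the module from being loaded automatically;
# it does not unload a module that is already loaded.
echo 'blacklist ixgbe' >> /etc/modprobe.d/blacklist.conf
echo 'blacklist i40e' >> /etc/modprobe.d/blacklist.conf
# Rebuild the initramfs so the blacklist also applies during early boot
# (update-initramfs is the Debian/Ubuntu tool).
update-initramfs -u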

Restrict local user access

all

Limit local user accounts and implement strict access controls

🧯 If You Can't Patch

  • Implement strict access controls to limit local user accounts
  • Monitor for suspicious privilege escalation attempts and driver manipulation

🔍 How to Verify

Check if Vulnerable:

Check Intel Ethernet driver version: modinfo ixgbe | grep version OR modinfo i40e | grep version

Check Version:

modinfo ixgbe | grep '^version'; modinfo i40e | grep '^version'

Verify Fix Applied:

Verify driver version is 28.3 or higher: modinfo ixgbe | grep version

📡 Detection & Monitoring

Log Indicators:

  • Kernel logs showing driver crashes or memory corruption
  • Failed privilege escalation attempts
  • Unexpected driver module loading

Network Indicators:

  • None - local exploit only

SIEM Query:

source="kernel" AND ("ixgbe" OR "i40e") AND ("panic" OR "oops" OR "segfault")
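
A local equivalent of the SIEM query above, for hosts whose kernel logs are not yet forwarded. This is an added example, not part of the vendor advisory; the function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Keep kernel log lines that name one of the drivers (ixgbe, i40e)
# AND one of the fault keywords (panic, oops, segfault), case-insensitively.
nic_fault_lines() {
    awk '{
        l = tolower($0)
        if (l ~ /ixgbe|i40e/ && l ~ /panic|oops|segfault/) print
    }'
}

# Summarise the matches as "<driver> <keyword> <count>" for triage.
nic_fault_summary() {
    nic_fault_lines | awk '
    BEGIN {
        nd = split("ixgbe i40e", d, " ")
        nk = split("panic oops segfault", k, " ")
    }
    {
        l = tolower($0)
        for (i = 1; i <= nd; i++)
            for (j = 1; j <= nk; j++)
                if (index(l, d[i]) && index(l, k[j])) c[d[i] " " k[j]]++
    }
    END { for (key in c) print key, c[key] }' | sort
}

# Constructed sample lines (not taken from a real system).
sample_log() {
    cat <<'EOF'
Jan 10 02:11:04 host1 kernel: ixgbe 0000:03:00.0 eth0: NIC Link is Up 10 Gbps
Jan 10 02:14:37 host1 kernel: Oops: 0002 [#1] SMP in ixgbe
Jan 10 02:14:37 host1 kernel: Kernel panic - not syncing: Fatal exception (i40e)
Jan 10 02:15:02 host1 kernel: e1000e: eth1 NIC Link is Down
Jan 10 02:16:40 host1 kernel: app[2211]: segfault at 0 ip 0000 sp 0000 error 4
EOF
}

# On a live host: journalctl -k --no-pager | nic_fault_summary
```

Kernel oops reports span several lines, so this per-line match only fires when the driver name and the keyword appear on the same line; a SIEM that groups the report into one event will match more broadly.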
