Helient Blog

Nutanix has addressed potential security vulnerabilities in Intel® Ethernet Controllers, Adapters, and CPU microcode

Written by Jared Hamilton | Dec 2, 2024 11:58:22 PM

Nutanix has addressed a range of security vulnerabilities in Intel® Ethernet Controllers, Adapters, and CPU microcode. These vulnerabilities, if left unpatched, could expose systems to critical risks. Recognizing the severity of these threats, Intel and Nutanix released comprehensive firmware and software updates designed to effectively mitigate these issues.


The following is an outline of the affected Intel and Nutanix hardware and software versions: 

Nutanix Software    Affected Versions
AHV                 AHV versions 0220304.511 and below, bundled with AOS 6.5.6.5 (LTS) and below.
                    AHV versions 20230302.100187 and below, bundled with AOS 6.8.0.5 (eSTS) and below.
Foundation          Versions lower than 5.6.1

Nutanix Hardware                                                  Affected Versions
Supermicro E810 2P 25G_10G AOC-S25GC-i2S-NI22                     Versions lower than 0x8001c7c9
Supermicro E810 4P 25G AOC-S25GC-i4S-NI22                         Versions lower than 0x8001c7cd
Supermicro E810 2P 100G AOC-S100GC-i2C-NI22                       Versions lower than 0x8001c7bc
Silicom E810-4P 25G PE425G4i81L-XR-NU                             Versions lower than 0x8001d073
Supermicro X710-T-SFP+ 4P 10G AOC-ATG-i2T2SM-NI22                 Versions lower than 0x8000f220
Supermicro X710-T-SFP+ 4P 10G AOC-URG4N4-I4XTS-NI22               Versions lower than 0x8000f21e
Supermicro X710-T-SFP+ 4P 10G AOC-2UR68G4-i4XTS-NI22              Versions lower than 0x8000f21f
Intel X710 4P 10G EX710DA4G1P5                                    Versions lower than 0x8000ecab
Intel X710-T4L 4P 10G X710T4L                                     Versions lower than 0x8000eccf
Silicom X710-T 2P 10G PE310G2I71EU-T-NU                           Versions lower than 0x8000efe2
Silicom XXV710 2P 25G PE325G2I71EU-XR-NU                          Versions lower than 0x8000ee2c
Intel XXV710 2P 25G XXV710DA2G1P5                                 Versions lower than 0x8000ed12
Intel XXV710-DA2T 2P 25G XXV710DA2TLG1P5                          Versions lower than 0x8000ed06
Silicom XXV710 2P 25G PE325G2I71EU-XR-NU-G                        Versions lower than 0x8000ee2d
Supermicro X722 2P 10G LOM on NX-1175S-G7                         Versions lower than 0x800041f9
Supermicro X722 4P 10G LOM on NX-1120S-G7                         Versions lower than 0x800041f
Foundation Platform                                               Versions lower than 2.15.2
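A quick way to triage a host against the hardware table above is to compare the NVM version that `ethtool -i` reports for an i40e/ice interface with the fixed-version threshold for that adapter's part number. The script below is an added example, not Helient's or Nutanix's own tooling; it assumes the `0x...` token in ethtool's `firmware-version` line is the value the thresholds refer to, that the part number comes from your inventory (ethtool does not print it), and it covers only a subset of the table's rows. The sample ethtool outputs are constructed.

```python
"""Compare an adapter's reported NVM version against the advisory's fixed-version thresholds."""
import re
from typing import Optional

# Thresholds copied from the affected-hardware table above (subset of rows).
# An adapter is affected when its reported version is LOWER than this value.
FIXED_VERSION = {
    "AOC-S25GC-i2S-NI22": 0x8001c7c9,
    "AOC-S25GC-i4S-NI22": 0x8001c7cd,
    "AOC-S100GC-i2C-NI22": 0x8001c7bc,
    "PE425G4i81L-XR-NU": 0x8001d073,
    "EX710DA4G1P5": 0x8000ecab,
    "X710T4L": 0x8000eccf,
    "XXV710DA2G1P5": 0x8000ed12,
}

# `ethtool -i <iface>` on i40e/ice drivers prints a line shaped like
#   firmware-version: 4.40 0x8001c7c9 1.3534.0
# Assumption: the middle hex token is the NVM version the advisory thresholds refer to.
_FW_LINE = re.compile(r"^firmware-version:\s*\S+\s+(0x[0-9a-fA-F]+)", re.M)


def parse_nvm_version(ethtool_output: str) -> Optional[int]:
    """Extract the hex NVM version from `ethtool -i` output; None if the line is missing."""
    match = _FW_LINE.search(ethtool_output)
    return int(match.group(1), 16) if match else None


def is_affected(part_number: str, ethtool_output: str) -> Optional[bool]:
    """True if below the fixed version, False if at/above it, None if the part is
    not in the table or the version could not be parsed (treat None as 'check manually')."""
    threshold = FIXED_VERSION.get(part_number)
    version = parse_nvm_version(ethtool_output)
    if threshold is None or version is None:
        return None
    return version < threshold


# Constructed sample outputs (not captured from real devices).
SAMPLE_OLD = "driver: ice\nfirmware-version: 4.20 0x8001a8f5 1.3346.0\nbus-info: 0000:3b:00.0\n"
SAMPLE_NEW = "driver: ice\nfirmware-version: 4.40 0x8001c7c9 1.3534.0\nbus-info: 0000:3b:00.0\n"

if __name__ == "__main__":
    for label, output in (("pre-fix", SAMPLE_OLD), ("fixed", SAMPLE_NEW)):
        print(label, "affected:", is_affected("AOC-S25GC-i2S-NI22", output))
```

Run it per interface with the output of `ethtool -i` for that interface and the adapter part number from your asset inventory; a `None` result means the row is not in the table and should be checked by hand.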



Below is a summary from the National Vulnerability Database of associated CVEs, descriptions, and impacts: 


CVEID: CVE-2024-21810
Description: Improper input validation in the Linux kernel mode driver for the Intel® 800 Series Ethernet Driver before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVSS Base Score 3.1: 8.8 High

CVEID: CVE-2024-23497
Description: Out-of-bounds write in the Linux kernel mode driver for the Intel® 800 Series Ethernet Driver before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVSS Base Score 3.1: 8.8 High

CVEID: CVE-2024-21807
Description: Improper initialization in the Linux kernel mode driver for the Intel® 800 Series Ethernet Driver before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVSS Base Score 3.1: 8.8 High

CVEID: CVE-2024-23981
Description: Wrap-around error in the Linux kernel mode driver for the Intel® 800 Series Ethernet Driver before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVSS Base Score 3.1: 8.8 High

CVEID: CVE-2024-24986
Description: Improper access control in the Linux kernel mode driver for the Intel® 800 Series Ethernet Driver before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVSS Base Score 3.1: 8.8 High

CVEID: CVE-2024-21769
Description: Uncontrolled search path in the installer for the Intel® Ethernet Software before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVSS Base Score 3.1: 6.7 Medium

CVEID: CVE-2024-23499
Description: Protection mechanism failure in the Linux kernel mode driver for the Intel® 800 Series Ethernet Driver before version 28.3 may allow an unauthenticated user to potentially enable denial of service via network access.
CVSS Base Score 3.1: 6.5 Medium

CVEID: CVE-2024-24983
Description: Protection mechanism failure in firmware for some Intel® Ethernet Network Controllers and Adapters E810 Series before version 4.4 may allow an unauthenticated user to potentially enable denial of service via network access.
CVSS Base Score 3.1: 6.5 Medium

CVEID: CVE-2024-21806
Description: Improper conditions check in the Linux kernel mode driver for the Intel® 800 Series Ethernet Driver before version 28.3 may allow an authenticated user to potentially enable denial of service via local access.
CVSS Base Score 3.1: 5.5 Medium

CVEID: CVE-2024-22376
Description: Uncontrolled search path element in some installation software for the Intel® Ethernet Adapter Driver Pack before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVSS Base Score 3.1: 6.7 Medium

CVEID: CVE-2024-23984
Description: Observable discrepancy in the RAPL interface for some Intel® Processors may allow a privileged user to potentially enable information disclosure via local access.
CVSS Base Score 3.1: 5.3 Medium

CVEID: CVE-2024-23599
Description: Race condition in Seamless Firmware Updates for some Intel® reference platforms may allow a privileged user to potentially enable denial of service via local access.
CVSS Base Score 3.1: 7.9 High

CVEID: CVE-2024-21871
Description: Improper input validation in UEFI firmware for some Intel® Processors may allow a privileged user to potentially enable escalation of privilege via local access.
CVSS Base Score 3.1: 7.5 High

CVEID: CVE-2023-43626
Description: Improper access control in UEFI firmware for some Intel® Processors may allow a privileged user to potentially enable escalation of privilege via local access.
CVSS Base Score 3.1: 7.5 High

CVEID: CVE-2023-42772
Description: Untrusted pointer dereference in UEFI firmware for some Intel® reference processors may allow a privileged user to potentially enable escalation of privilege via local access.
CVSS Base Score 3.1: 8.2 High

CVEID: CVE-2024-21829
Description: Improper input validation in the UEFI firmware error handler for some Intel® Processors may allow a privileged user to potentially enable escalation of privilege via local access.
CVSS Base Score 3.1: 7.5 High

CVEID: CVE-2024-21781
Description: Improper input validation in UEFI firmware for some Intel® Processors may allow a privileged user to enable information disclosure or denial of service via local access.
CVSS Base Score 3.1: 7.2 High

CVEID: CVE-2023-41833
Description: A race condition in UEFI firmware for some Intel® processors may allow a privileged user to potentially enable escalation of privilege via local access.
CVSS Base Score 3.1: 7.5 High

CVEID: CVE-2023-23904
Description: NULL pointer dereference in the UEFI firmware for some Intel® Processors may allow a privileged user to potentially enable escalation of privilege via local access.
CVSS Base Score 3.1: 6.1 Medium

CVEID: CVE-2023-22351
Description: Out-of-bounds write in UEFI firmware for some Intel® Processors may allow a privileged user to potentially enable escalation of privilege via local access.
CVSS Base Score 3.1: 6.1 Medium

CVEID: CVE-2023-43753
Description: Improper conditions check in some Intel® Processors with Intel® Software Guard Extensions (Intel® SGX) may allow a privileged user to potentially enable information disclosure via local access.
CVSS Base Score 3.1: 5.3 Medium

CVEID: CVE-2023-25546
Description: Out-of-bounds read in UEFI firmware for some Intel® Processors may allow a privileged user to potentially enable denial of service via local access.
CVSS Base Score 3.1: 2.5 Low

This vulnerability affects only platforms with the specified Intel network cards and software versions. 

CVEs: CVE-2024-24968
Severity Rating: Medium
Impact of vulnerability: Denial of Service
Intel Recommendation: Intel recommends updating microcode to the latest version provided by your system manufacturer.

Affected Nutanix deployments:

  • Nutanix AHV clusters with Intel Ethernet Adapters
  • Foundation and Foundation Platforms used for imaging and expanding Nutanix Hyper-V clusters with Intel Ethernet Adapters
  • NX platforms with Intel Ethernet Adapters
For hardware platforms other than the Nutanix NX series we recommend you consult with the hardware manufacturer for up-to-date information.  


Helient suggests upgrading to the following fixed versions if your Nutanix hardware matches the affected hardware listed above.

AHV: Upgrade to AHV version 20230302.101026 or later
Foundation: Version 5.6.1 or later
Intel firmware: The fix is included in Intel Ethernet Adapter Driver Pack version 28.3, bundled with NX-LCM-3.9
NX-G8 fix version: BIOS Wx61.101 with NX-LCM-3.10.0
NX-G6/NX-G7 fix version: BIOS Px91.101 with NX-LCM-3.12
NX-G9 fix version: planned for release with uPLR3 in January 2025


If you require further details or need any assistance regarding the updates, vulnerabilities, or any other related inquiries, please contact our team experts at service@helient.com.