The latest security information on Intel® products.

Intel® Ethernet Controller X710/XL710 NVM Security Vulnerability

Intel ID INTEL-SA-00063
Product family Intel® Ethernet Controller X710 family and Intel® Ethernet Controller XL710 family
Impact of vulnerability Denial of Service
Severity rating Important
Original release Jan 09, 2017
Last revised Jan 09, 2017

Summary: 

A security vulnerability in the Intel® Ethernet Controller X710 and Intel® Ethernet Controller XL710 family of products (Fortville) has been found in the Non-Volatile Flash Memory (NVM) image. 

Description: 

A security vulnerability in the Intel® Ethernet Controller X710 and Intel® Ethernet Controller XL710 family of products (Fortville) has been found in the Non-Volatile Flash Memory (NVM) image.  Under certain use conditions the Ethernet controller will stop sending and receiving data until the controller is reset.  All NVM versions 5.04 and earlier contain this vulnerability which is fully mitigated in NVM version 5.05. 

This exploit rates a CVSSv3 ranking of 7.5 High.  CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H            

Affected products:

 

Silicon Product

 

 

MM#

 

 

S SPEC #

 

 

Current Available Firmware Version

 

 

Mitigation Available to OEM by:

 

 

Intel® Ethernet Controller X710-AM2

 

 

936553

 

 

SR1ZP

 

v5.04

 

For the v5.05 firmware update please use the Network Update Tool available from the Intel Download Center at insert https://downloadcenter.intel.com

 

 

Intel® Ethernet Controller X710-AM2

 

 

936554

 

 

SR1ZQ

 

 

Intel® Ethernet Controller X710-BM2

 

 

947361

 

 

SLLKC

 

 

Intel® Ethernet Controller X710-BM2

 

 

947359

 

 

SLLKB

 

 

Intel® Ethernet Controller XL710-AM1

 

 

936551

 

 

SR1ZM

 

 

Intel® Ethernet Controller XL710-AM1

 

 

936552

 

 

SR1ZN

 

 

Intel® Ethernet Controller XL710-BM1

 

 

947353

 

 

SLLKA

 

 

Intel® Ethernet Controller XL710-BM1

 

 

947351

 

 

SLLK9

 

 

Intel® Ethernet Controller XL710-AM2

 

 

936549

 

 

SR1ZK

 

 

Intel® Ethernet Controller XL710-AM2

 

 

936550

 

 

SR1ZL

 

 

Intel® Ethernet Controller XL710-BM2

 

 

947349

 

 

SLLK8

 

 

Intel® Ethernet Controller XL710-BM2

 

 

947348

 

 

SLLK7

 

 

Adapter Product

 

 

MM#

 

 

Order Code

 

 

Current Available Firmware Version

 

 

Mitigation Available to OEM by:

 

 

Intel® Ethernet Converged Network Adapter XL710-QDA2

 

 

945036

 

 

ECO#8680034

 

 

XL710QDA2G2P5

 

 

v5.04

 

 

For the v5.05 NVM update please use the NNV Update Tool available from CDI https://downloadcenter.intel.com

 

 

Intel® Eth Converged Ntwk Adptr XL710-QDA2, open optic

 

 

943446

 

 

EXL710QDA2G1P5

 

 

v5.04

 

 

Intel® Ethernet Converged Network Adapter XL710-QDA2

 

 

932586

 

 

XL710QDA2

 

 

v5.04

 

 

Intel® Ethernet Converged Network Adapter XL710-QDA2

 

 

932587

 

 

XL710QDA2BLK

 

 

v5.04

 

 

Intel® Ethernet Converged Network Adapter XL710-QDA1

 

 

945035

 

 

ECO#8754933

 

 

XL710QDA1G2P5

 

 

v5.04

 

 

Intel® Eth Converged Ntwk Adptr XL710-QDA1, open optic

 

 

943445

 

 

EXL710QDA1G1P5

 

 

v5.04

 

 

Intel® Ethernet Converged Network Adapter XL710-QDA1

 

 

932583

 

 

XL710QDA1

 

 

v5.04

 

 

Intel® Ethernet Converged Network Adapter XL710-QDA1

 

 

932584

 

 

XL710QDA1BLK

 

 

v5.04

 

 

Intel® Ethernet Converged Network Adapter X710-DA2

 

 

945034

 

 

ECO#8754788

 

 

X710DA2G2P5

 

 

v5.04

 

 

Intel® Eth Converged Ntwk Adptr X710-DA2, open optic

 

 

944042

 

 

EX710DA2G1P5

 

 

v5.04

 

 

Intel® Ethernet Converged Network Adapter X710-DA2

 

 

933206

 

 

X710DA2

 

 

v5.04

 

 

Intel® Ethernet Converged Network Adapter X710-DA2

 

 

933217

 

 

X710DA2BLK

 

 

v5.04

 

 

Intel® Ethernet Converged Network Adapter X710-DA4

 

 

945062

 

 

ECO#8754936

 

 

X710DA4FHG2P5

 

 

v5.04

 

 

Intel® Eth Converged Ntwk Adptr X710-DA4, open optic

 

 

944040

 

 

EX710DA4FHG1P5

 

 

v5.04

 

 

Intel® Ethernet Converged Network Adapter X710-DA4

 

 

932575

 

 

X710DA4FH

 

 

v5.04

 

 

Intel® Ethernet Converged Network Adapter X710-DA4

 

 

932576

 

 

X710DA4FHBLK

 

 

v5.04

 

 

Intel® Ethernet Converged Network Adapter X710-DA4

 

 

945033

 

 

ECO#8754937

 

 

X710DA4G2P5

 

 

v5.04

 

 

Intel® Eth Converged Ntwk Adptr X710-DA4, open optic

 

 

944041

 

 

EX710DA4G1P5

 

 

v5.04

 

 

Intel Ethernet I/O Module XL710-QDA2

 

 

933743

 

 

AXX2P40FRTIOM

 

 

v5.04

 

 

Intel Ethernet I/O Module XL710-QDA1

 

 

933742

 

 

AXX1P40FRTIOM

 

 

v5.04

 

Recommendations: 

Intel highly recommends updating to Intel® NVM version 5.05 or newer available at https://downloadcenter.intel.com or https://downloadcenter.intel.com/download/24769/

Acknowledgements: 

Intel became aware of this issue working closely with our validation partners.

Revision history:

Revision

Date

Description

1.0

09-January-2017

Initial Release

CVE Name:  CVE-2016-8106

Legal Notices and Disclaimers

Intel provides these materials as-is, with no express or implied warranties.

All products, dates, and figures specified are preliminary based on current expectations, and are subject to change without notice.

Intel, processors, chipsets, and desktop boards may contain design defects or errors known as errata, which may cause the product to deviate from published specifications. Current characterized errata are available on request.

Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No computer system can be absolutely secure. Check with your system manufacturer or retailer or learn more at https://intel.com.

Some results have been estimated or simulated using internal Intel analysis or architecture simulation or modeling, and provided to you for informational purposes. Any differences in your system hardware, software or configuration may affect your actual performance.

Intel and the Intel logo are trademarks of Intel Corporation in the United States and other countries.

*Other names and brands may be claimed as the property of others.
Copyright © Intel Corporation 2018

Report a Vulnerability

If you have information about a security issue or vulnerability with an Intel branded product or technology, please send an e-mail to secure@intel.com. Encrypt sensitive information using our PGP public key.

Please provide as much information as possible, including:

  • The products and versions affected
  • Detailed description of the vulnerability
  • Information on known exploits

A member of the Intel Product Security Team will review your e-mail and contact you to collaborate on resolving the issue. For more information on how Intel works to resolve security issues, see:

For issues related to Intel's external web presence (Intel.com and related subdomains), please contact Intel's External Security Research team.

For issues related to Intel managed open source projects, please visit http://www.01.org/security

Need product support?

The secure@intel.com e-mail address should only be used for reporting security issues.

If you...

  • Have questions about the security features of an Intel product
  • Require technical support
  • Want product updates or patches


Please visit Support & Downloads.