Intel Ethernet 800 Series Drivers for ESXi Information Disclosure Vulnerability

A vulnerability allowing information disclosure has been identified in some ESXi kernel mode drivers for Intel Ethernet 800-Series products. This issue affects versions prior to 2.2.2.0 on ESXi 8.0 and versions prior to 2.2.3.0 on ESXi 9.0. The vulnerability arises from improper initialization in the drivers, which may allow an unprivileged, authenticated software adversary to expose data. The issue could potentially be exploited through local access, without special internal knowledge, and requires no user interaction.

Impact

Exploitation of this vulnerability could lead to unauthorized data exposure.

Remediation

Users are advised to update the ESXi base driver for Intel 800 Series Ethernet to version 2.2.2.0 or later on ESXi 8.0, and to version 2.2.3.0 or later on ESXi 9.0. The updated drivers are available for download from the Broadcom Compatibility Guide.