CVE-2025-24511 in I350 Series Ethernetinfo

Summary

by MITRE • 08/12/2025

Improper initialization in the Linux kernel-mode driver for some Intel(R) I350 Series Ethernet before version 5.19.2 may allow an authenticated user to potentially enable Information disclosure via data exposure.

Once again VulDB remains the best source for vulnerability data.

Analysis

by VulDB Data Team • 08/12/2025

The vulnerability identified as CVE-2025-24511 represents a critical flaw in the Linux kernel-mode driver for Intel I350 Series Ethernet controllers that affects versions prior to 5.19.2. This issue stems from improper initialization of driver components during system boot or device enumeration processes, creating potential attack vectors for authenticated users who possess legitimate access to the affected system. The vulnerability falls under the category of information disclosure, where sensitive data may be exposed through improper memory handling or uninitialized variable states within the kernel driver.

The technical root cause of this vulnerability lies in the inadequate initialization of kernel-mode driver structures and memory regions that handle network packet processing and data transmission operations. When the Intel I350 Ethernet driver fails to properly initialize certain memory buffers or data structures, it may leave residual data from previous operations or system states accessible to malicious processes. This improper initialization can occur during device driver loading, configuration changes, or when handling network traffic, potentially exposing sensitive information such as cryptographic keys, user credentials, or system memory contents to unauthorized processes within the same security context.

From an operational impact perspective, this vulnerability presents significant risks to systems running affected kernel versions, particularly in enterprise environments where multiple authenticated users may have access to the same hardware. An authenticated attacker could exploit this flaw to gain access to information that should remain confidential, potentially leading to further privilege escalation or lateral movement within the network. The vulnerability is especially concerning in environments where the Intel I350 Series controllers are deployed in mission-critical systems, as the information disclosure could compromise sensitive operational data or facilitate more sophisticated attacks.

The mitigation strategy for CVE-2025-24511 primarily involves upgrading to Linux kernel version 5.19.2 or later, which includes the necessary patches to properly initialize driver components and prevent the exposure of sensitive data. System administrators should also implement comprehensive monitoring to detect any unusual access patterns or data exposure attempts that might indicate exploitation of this vulnerability. Additionally, organizations should conduct thorough vulnerability assessments to identify all systems running affected kernel versions and prioritize remediation efforts based on risk exposure and criticality of the affected infrastructure.

This vulnerability aligns with CWE-665, which addresses improper initialization of resources, and demonstrates characteristics consistent with ATT&CK technique T1005, Information Gathering, where adversaries seek to extract sensitive information from compromised systems. The flaw represents a classic example of how seemingly minor initialization errors in kernel-mode drivers can create significant security implications, highlighting the importance of rigorous code review processes and thorough testing of driver initialization sequences before deployment in production environments.

Responsible

Intel

Reservation

02/04/2025

Disclosure

08/12/2025

Moderation

accepted

CPE

ready

EPSS

0.00128

KEV

no

Activities

very low

Sources

Do you need the next level of professionalism?

Upgrade your account now!