PCD firmware 1.28.16 or 1.24.69 fixes the Ethernet frame padding information leakage
This firmware fixes CVE-2017-9628, an information leak through Ethernet frame padding.
To avoid any problems related to this leak, we strongly recommend updating to the latest firmware,
1.28.16 / 1.24.69 or newer, as mentioned in the security upgrade section of this web page.
Impact of CVE-2017-9628
IEEE 802 specifies that packets have a minimum size of 56 bytes.
The Ethernet driver is expected to fill the data field with octets of zero for padding when packets are less than 56 bytes.
Some implementations pad with resident memory or other data instead, which can cause information leakage.
This attack is passive; the attacker can only see data that the affected devices send out as part of a packet.
Vulnerability overview of CVE-2017-9628
The previous firmware implementation allowed other data from a known area of memory to be used in the padding field, which could exfiltrate or leak data.
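To confirm on your own network that a device pads with zeros after the update, the padding of each captured short frame can be inspected. The following is an added example, not vendor code: it assumes untagged ARP or IPv4 frames captured without the frame check sequence, and the function names and sample frames are constructed for illustration.

```python
import struct

ETH_HDR = 14  # destination MAC + source MAC + EtherType (untagged frame assumed)

def padding_of(frame: bytes) -> bytes:
    """Return the bytes that follow the encapsulated packet, i.e. the padding."""
    if len(frame) < ETH_HDR:
        raise ValueError("truncated Ethernet header")
    ethertype = struct.unpack_from("!H", frame, 12)[0]
    if ethertype == 0x0800:    # IPv4: total length sits at offset 2 of the IP header
        if len(frame) < ETH_HDR + 20:
            raise ValueError("truncated IPv4 header")
        l3_len = struct.unpack_from("!H", frame, ETH_HDR + 2)[0]
    elif ethertype == 0x0806:  # ARP over Ethernet/IPv4 is always 28 bytes
        l3_len = 28
    else:
        raise ValueError(f"unsupported EtherType 0x{ethertype:04x}")
    end = ETH_HDR + l3_len
    if end > len(frame):
        raise ValueError("frame shorter than the packet length it declares")
    return frame[end:]

def leaks_in_padding(frame: bytes) -> bool:
    """True when any padding octet is non-zero (padding should be all zeros)."""
    return any(padding_of(frame))

def arp_frame(padding: bytes) -> bytes:
    """Constructed ARP request (documentation addresses) followed by `padding`."""
    eth = bytes.fromhex("ffffffffffff" "020000000001" "0806")
    arp = bytes.fromhex("0001" "0800" "06" "04" "0001"
                        "020000000001" "c0000201"
                        "000000000000" "c0000202")
    return eth + arp + padding

# Constructed samples: same packet, zero padding vs. leftover buffer content.
CLEAN_FRAME = arp_frame(bytes(18))
LEAKY_FRAME = arp_frame(b"stale-buffer-data\x00")

if __name__ == "__main__":
    for name, frame in (("clean", CLEAN_FRAME), ("leaky", LEAKY_FRAME)):
        pad = padding_of(frame)
        status = "NON-ZERO PADDING" if leaks_in_padding(frame) else "ok"
        print(f"{name}: {len(pad)} padding bytes, {status}: {pad.hex()}")
```

Frames must be captured on another host or a mirror port, because a capture taken on the sending machine usually sees the frame before the network hardware or driver has padded it.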
PCD1 / _Firmware Classic
PCD2 / _Firmware Classic
PCD3 / _Firmware Classic
Last update: 09.08.2017 18:02
First release: 09.08.2017 18:02