CVE-2018-12193

CWE-284 — Improper Access Control5 documents5 sources

Severity

5.5MEDIUM

EPSS

0.1%

top 81.35%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Intel Quickassist Technology Intel Corporation Intel Quickassit Technology FOR Linux

Timeline

PublishedOct 10

Latest updateMay 13

Description

Insufficient access control in driver stack for Intel QuickAssist Technology for Linux before version 4.2 may allow an unprivileged user to potentially disclose information via local access.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶NVDintel/quickassist_technology< 4.2

▶CVEListV5intel_corporation/intel_quickassit_technology_for_linuxbefore 4.2

Patches

Patch: cdrdv2.intel.com ↗Patch: cdrdv2.intel.com ↗

🔴Vulnerability Details

GHSA

GHSA-pwcp-jwjx-3jgm: Insufficient access control in driver stack for Intel QuickAssist Technology for Linux before version 4↗2022-05-13

▶

CVEList

CVE-2018-12193: Insufficient access control in driver stack for Intel QuickAssist Technology for Linux before version 4↗2018-10-10

▶

📋Vendor Advisories

Red Hat

kernel: insufficient access control in Intel QuickAssist Technology↗2018-09-10

▶

💬Community

Bugzilla

CVE-2018-12193 kernel: insufficient access control in Intel QuickAssist Technology↗2018-10-11

▶