CVE-2022-36397

CWE-276 — Incorrect Default Permissions5 documents5 sources

Severity

7.8HIGH

EPSS

0.0%

top 89.96%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Intel Quickassist Technology

Timeline

PublishedFeb 16

Description

Incorrect default permissions in the software installer for some Intel(R) QAT drivers for Linux before version 4.17 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:HExploitability: 1.3 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5intel(r)_qat_drivers_for_linuxbefore version 4.17

▶NVDintel/quickassist_technology< 1.6+1

Patches

Patch: www.intel.com ↗Patch: www.intel.com ↗

🔴Vulnerability Details

CVEList

CVE-2022-36397: Incorrect default permissions in the software installer for some Intel(R) QAT drivers for Linux before version 4↗2023-02-16

▶

OSV

CVE-2022-36397: Incorrect default permissions in the software installer for some Intel(R) QAT drivers for Linux before version 4↗2023-02-16

▶

GHSA

GHSA-2567-3r9v-7m92: Incorrect default permissions in the software installer for some Intel(R) QAT drivers for Linux before version 4↗2023-02-16

▶

📋Vendor Advisories

Red Hat

hw: Intel: Incorrect default peinrmissions in QAT driver enable escalation of privilege↗2023-02-14

▶