CVE-2022-40974

CWE-4593 documents3 sources

Severity

5.5MEDIUM

EPSS

0.1%

top 75.66%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Intel Integrated Performance Primitives Cryptography

Timeline

PublishedMay 10

Description

Incomplete cleanup in the Intel(R) IPP Cryptography software before version 2021.6 may allow a privileged user to potentially enable information disclosure via local access.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:NExploitability: 0.3 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5intel(r)_ipp_cryptography_softwarebefore version 2021.6

▶NVDintel/integrated_performance_primitives_cryptography< 2021.6

🔴Vulnerability Details

CVEList

CVE-2022-40974: Incomplete cleanup in the Intel(R) IPP Cryptography software before version 2021↗2023-05-10

▶

GHSA

GHSA-j2j8-23gr-f54x: Incomplete cleanup in the Intel(R) IPP Cryptography software before version 2021↗2023-05-10

▶