CVE-2022-41808 — DEPRECATED: Improper Sanitization of Custom Special Characters in Intel Quickassist Technology

CWE-92 — DEPRECATED: Improper Sanitization of Custom Special Characters CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer4 documents4 sources

Severity

5.5MEDIUMNVD

CNA3.3

EPSS

0.1%

top 79.28%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Intel Quickassist Technology

Timeline

PublishedMay 10

Description

Improper buffer restriction in software for the Intel QAT Driver for Linux before version 1.7.l.4.12 may allow an authenticated user to potentially enable denial of service via local access.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages1 packages

▶NVDintel/quickassist_technology< 1.7.l.4.12

Patches

Patch: www.intel.com ↗Patch: www.intel.com ↗

🔴Vulnerability Details

GHSA

GHSA-54hh-2wph-jw3p: Improper buffer restriction in software for the Intel QAT Driver for Linux before version 1↗2023-05-10

▶

CVEList

CVE-2022-41808: Improper buffer restriction in software for the Intel QAT Driver for Linux before version 1↗2023-05-10

▶

📋Vendor Advisories

Red Hat

hw: Intel: improper buffer restriction may allow an authenticated user to potentially enable denial of service via local access↗2023-05-09

▶