CVE-2023-22313 — DEPRECATED: Improper Sanitization of Custom Special Characters in Intel QAT Driver Firmware

CWE-92 — DEPRECATED: Improper Sanitization of Custom Special Characters CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer3 documents3 sources

Severity

2.3LOWNVD

EPSS

0.1%

top 78.64%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Intel QAT Driver Firmware Intel Quickassist Technology Driver Firmware Intel Quickassist Technology Library

Timeline

PublishedNov 14

Description

Improper buffer restrictions in some Intel(R) QAT Library software before version 22.07.1 may allow a privileged user to potentially enable information disclosure via local access.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:NExploitability: 0.8 | Impact: 1.4

Affected Packages3 packages

▶NVDintel/quickassist_technology_library< 22.07.1

▶NVDintel/qat_driver_firmware< 1.10

▶NVDintel/quickassist_technology_driver_firmware< 2.04

Patches

Patch: www.intel.com ↗Patch: www.intel.com ↗

🔴Vulnerability Details

CVEList

CVE-2023-22313: Improper buffer restrictions in some Intel(R) QAT Library software before version 22↗2023-11-14

▶

GHSA

GHSA-frwx-7gqv-hj3w: Improper buffer restrictions in some Intel(R) QAT Library software before version 22↗2023-11-14

▶