CVE-2023-24478

CWE-3303 documents3 sources

Severity

5.5MEDIUM

EPSS

0.1%

top 80.60%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Intel Quartus Prime

Timeline

PublishedAug 15

Description

Use of insufficiently random values for some Intel Agilex(R) software included as part of Intel(R) Quartus(R) Prime Pro Edition for linux before version 22.4 may allow an authenticated user to potentially enable information disclosure via local access.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5intel_agilex(r)_software_included_as_part_of_intel(r)_quartus(r)_prime_pro_edition_for_linuxbefore version 22.4

▶NVDintel/quartus_prime< 22.4

Patches

Patch: www.intel.com ↗Patch: www.intel.com ↗

🔴Vulnerability Details

CVEList

CVE-2023-24478: Use of insufficiently random values for some Intel Agilex(R) software included as part of Intel(R) Quartus(R) Prime Pro Edition for linux before versi↗2023-08-15

▶

GHSA

GHSA-vj4f-hcgr-4hvj: Use of insufficiently random values for some Intel Agilex(R) software included as part of Intel(R) Quartus(R) Prime Pro Edition for linux before versi↗2023-08-15

▶