Intel Integrated Performance Primitives Cryptography vulnerabilities

CVE-2022-26083 [HIGH] CWE-1204 CVE-2022-26083: Generation of weak initialization vector in an Intel(R) IPP Cryptography software library before ver Generation of weak initialization vector in an Intel(R) IPP Cryptography software library before version 2021.5 may allow an unauthenticated user to potentially enable information disclosure via local access.

CVE-2024-21784 [MEDIUM] CWE-427 CVE-2024-21784: Uncontrolled search path for some Intel(R) IPP Cryptography software before version 2021.11 may allo Uncontrolled search path for some Intel(R) IPP Cryptography software before version 2021.11 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVE-2023-35121 [HIGH] CWE-284 CVE-2023-35121: Improper access control in the Intel(R) oneAPI DPC++/C++ Compiler before version 2022.2.1 for some I Improper access control in the Intel(R) oneAPI DPC++/C++ Compiler before version 2022.2.1 for some Intel(R) oneAPI Toolkits before version 2022.3.1 may allow authenticated user to potentially enable escalation of privilege via local access.

CVE-2023-29162 [MEDIUM] CWE-276 CVE-2023-29162: Improper buffer restrictions the Intel(R) C++ Compiler Classic before version 2021.8 for Intel(R) on Improper buffer restrictions the Intel(R) C++ Compiler Classic before version 2021.8 for Intel(R) oneAPI Toolkits before version 2022.3.1 may allow a privileged user to potentially enable escalation of privilege via local access.

CVE-2023-22355 [MEDIUM] CWE-427 CVE-2023-22355: Uncontrolled search path in some Intel(R) oneAPI Toolkit and component software installers before ve Uncontrolled search path in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.0.251 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVE-2022-41646 [MEDIUM] CWE-691 CVE-2022-41646: Insufficient control flow management in the Intel(R) IPP Cryptography software before version 2021.6 Insufficient control flow management in the Intel(R) IPP Cryptography software before version 2021.6 may allow an unauthenticated user to potentially enable information disclosure via local access.

CVE-2022-37409 [MEDIUM] CWE-691 CVE-2022-37409: Insufficient control flow management for the Intel(R) IPP Cryptography software before version 2021. Insufficient control flow management for the Intel(R) IPP Cryptography software before version 2021.6 may allow an authenticated user to potentially enable information disclosure via local access.

CVE-2022-40974 [LOW] CWE-459 CVE-2022-40974: Incomplete cleanup in the Intel(R) IPP Cryptography software before version 2021.6 may allow a privi Incomplete cleanup in the Intel(R) IPP Cryptography software before version 2021.6 may allow a privileged user to potentially enable information disclosure via local access.

CVE-2021-33147 [MEDIUM] CWE-754 CVE-2021-33147: Improper conditions check in the Intel(R) IPP Crypto library before version 2021.2 may allow an auth Improper conditions check in the Intel(R) IPP Crypto library before version 2021.2 may allow an authenticated user to potentially enable information disclosure via local access.

CVE-2021-0001 [MEDIUM] CWE-203 CVE-2021-0001: Observable timing discrepancy in Intel(R) IPP before version 2020 update 1 may allow authorized user Observable timing discrepancy in Intel(R) IPP before version 2020 update 1 may allow authorized user to potentially enable information disclosure via local access.

CVE-2018-3691 [MEDIUM] CVE-2018-3691: Some implementations in Intel Integrated Performance Primitives Cryptography Library before version Some implementations in Intel Integrated Performance Primitives Cryptography Library before version 2018 U3.1 do not properly ensure constant execution time.