CVE-2023-22656

2024-05-1621:15:50

CWE-125

intel

web.nvd.nist.gov

vulnerability

out-of-bounds read

intel media sdk

intel onevpl software

escalation of privilege

local access

cve-2023-22656

CVSS3

3.9

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

AI Score

6.9

Confidence

High

EPSS

Percentile

9.0%

JSON

Out-of-bounds read in Intel® Media SDK and some Intel® oneVPL software before version 23.3.5 may allow an authenticated user to potentially enable escalation of privilege via local access.

Affected configurations

Vulnrichment

Node

intelonevpl_gpu_runtime

VendorProductVersionCPE
intelonevpl_gpu_runtime*cpe:2.3:a:intel:onevpl_gpu_runtime:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
intel	onevpl_gpu_runtime	*	cpe:2.3:a:intel:onevpl_gpu_runtime::::::::

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "Intel(R) Media SDK and some Intel(R) oneVPL software",
    "versions": [
      {
        "version": "before version 23.3.5",
        "status": "affected"
      }
    ],
    "defaultStatus": "unaffected"
  }
]