Lucene search

IntelCVE-2023-28741

HistoryNov 14, 2023 - 7:15 p.m.

CVE-2023-28741

2023-11-1419:15:23

CWE-120

intel

web.nvd.nist.gov

cve-2023-28741

buffer overflow

intel qat drivers

windows

escalation of privilege

local access

CVSS3

7.9

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H

AI Score

7.9

Confidence

High

EPSS

Percentile

9.0%

JSON

Buffer overflow in some Intel® QAT drivers for Windows - HW Version 1.0 before version 1.10 may allow an authenticated user to potentially enable escalation of privilege via local access.

Affected configurations

Nvd

Vulners

Node

microsoftwindowsMatch-

AND

intelquickassist_technology_libraryRange<22.07.1

Node

intelquickassist_technology_firmwareMatch-

AND

intelquickassist_technologyRange1.0–1.10windows

Node

intelquickassist_technology_firmwareMatch-

AND

intelquickassist_technologyRange2.0–2.04windows

VendorProductVersionCPE
microsoftwindows-cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
intelquickassist_technology_library*cpe:2.3:a:intel:quickassist_technology_library:*:*:*:*:*:*:*:*
intelquickassist_technology_firmware-cpe:2.3:o:intel:quickassist_technology_firmware:-:*:*:*:*:*:*:*
intelquickassist_technology*cpe:2.3:h:intel:quickassist_technology:*:*:*:*:*:windows:*:*

Vendor	Product	Version	CPE
microsoft	windows	-	cpe:2.3:o:microsoft:windows:-:::::::*
intel	quickassist_technology_library	*	cpe:2.3:a:intel:quickassist_technology_library::::::::
intel	quickassist_technology_firmware	-	cpe:2.3:o:intel:quickassist_technology_firmware:-:::::::*
intel	quickassist_technology	*	cpe:2.3:h:intel:quickassist_technology::::::windows::*

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "Intel(R) QAT drivers for Windows - HW Version 1.0",
    "versions": [
      {
        "version": "before version 1.10",
        "status": "affected"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00861.html

CVSS3

7.9

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H

AI Score

7.9

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for CVE-2023-28741