Intel® QuickAssist Technology for Linux Advisory

Summary:

A potential security vulnerability in Intel® QuickAssist Technology for Linux may allow denial of service.** **Intel is releasing documentation and software updates to mitigate these potential vulnerabilities.

Vulnerability Details:

CVEID: CVE-2018-12206

Description: Improper configuration of hardware access in Intel® QuickAssist Technology for Linux (all versions) may allow an authenticated user to potentially enable a denial of service via local access.

CVSS Base Score: 3.2 Low

CVSS Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L

CVEID: CVE-2018-18096

Description: Improper memory handling in Intel® QuickAssist Technology for Linux (all versions) may allow an authenticated user to potentially enable a denial of service via local access.

CVSS Base Score: 3.2 Low

CVSS Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L

Affected Products:

Intel® QuickAssist Technology for Linux.

Recommendations:

Intel recommends that users follow the steps below to address these issues.

For CVE-2018-12206:

• Evaluate section 3.1.4 of the R4.3.0 Intel® QuickAssist for Linux Release Notes for potential changes to VM deployment environment.
• Release Notes: <https://01.org/sites/default/files/downloads/intelr-quickassist-technology/336211-008qatrelnotes.pdf&gt;

For CVE-2018-18096:

• Functionality removed in R4.3.
• Will be reinstated with update to version R4.4 or later.

Acknowledgements:

These issues were found internally by Intel employees. Intel would like to thank Ryan Hall (CVE-2018-18096) from the DCG Red Team.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are deployed.