A potential security vulnerability in the Open Cache Acceleration Software (CAS) maintained by Intel may allow denial of service. Intel is releasing software updates to mitigate this potential vulnerability.
CVEID: CVE-2022-29523
Description: Improper conditions check in the Open CAS software maintained by Intel® before version 22.3.1 may allow an authenticated user to potentially enable denial of service via local access.
CVSS Base Score: 3.3 Low
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Open CAS software maintained by Intel before version 22.3.1.
Intel recommends updating the Open CAS software maintained by Intel to version 22.3.1 or later.
Updates are available for download at this location:
<https://github.com/Open-CAS/ocf/releases>
Intel would like to thank Jan Musial for reporting this issue.
Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.