Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
intelIntel Security CenterINTEL:INTEL-SA-00778
HistoryMay 09, 2023 - 12:00 a.m.

Intel® QAT Advisory

2023-05-0900:00:00
Intel Security Center
www.intel.com
15
intel qat drivers
windows
security vulnerabilities
advisory
privilege escalation
information disclosure
software updates
cve-2022-41699
cve-2022-40972
cve-2022-41771
cve-2022-41621
cvss
aobo wang
falcon corruption

0.0004 Low

EPSS

Percentile

9.2%

JSON

Summary:

Potential security vulnerabilities in some Intel® QuickAssist Technology (QAT) drivers for Windows may allow escalation of privilege or information disclosure. Intel is releasing software updates to mitigate these potential vulnerabilities.

Vulnerability Details:

CVEID: CVE-2022-41699

Description: Incorrect permission assignment for critical resource in some Intel® QAT drivers for Windows before version 1.9.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score: 8.2 High

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H****

CVEID: CVE-2022-40972

Description: Improper access control in some Intel® QAT drivers for Windows before version 1.9.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score: 6.7 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

CVEID: CVE-2022-41771****

Description: Incorrect permission assignment for critical resource in some Intel® QAT drivers for Windows before version 1.9.0 may allow an authenticated user to potentially enable information disclosure via local access.

CVSS Base Score: 6.5 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

CVEID: CVE-2022-41621****

Description: Improper access control in some Intel® QAT drivers for Windows before version 1.9.0 may allow an authenticated user to potentially enable information disclosure via local access.

CVSS Base Score: 3.3 Low

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Affected Products:

Intel® QAT drivers for Windows before version 1.9.0.

Recommendations:

Intel recommends updating Intel® QAT drivers for Windows to version 1.9.0 or later.

Updates are available for download at this location:

<https://www.intel.com/content/www/us/en/download/19732&gt;

Acknowledgements:

Intel would like to thank Aobo Wang of Chaitin Security Research Lab (CVE-2022-41771, CVE-2022-41699, CVE-2022-41621) and Falcon Corruption @falconCorrup (CVE-2022-40972) for reporting these issues.****

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

Related

nvd 4
prion 4
cve 4
cvelist 4
nvd
nvd
CVE-2022-40972
2023-05-10 14:15:15
CVE-2022-41621
2023-05-10 14:15:16
CVE-2022-41699
2023-05-10 14:15:19
prion
prion
Privilege escalation
2023-05-10 14:15:00
Improper access control
2023-05-10 14:15:00
Improper access control
2023-05-10 14:15:00
cve
cve
CVE-2022-41621
2023-05-10 14:15:16
CVE-2022-41699
2023-05-10 14:15:19
CVE-2022-40972
2023-05-10 14:15:15
cvelist
cvelist
CVE-2022-41699
2023-05-10 13:17:16
CVE-2022-41621
2023-05-10 13:17:18
CVE-2022-40972
2023-05-10 13:17:17

0.0004 Low

EPSS

Percentile

9.2%

JSON
Related for INTEL:INTEL-SA-00778
nvd4prion4cve4cvelist4