Potential security vulnerabilities in Intel® Integrated Performance Primitives (IPP) Cryptography software may allow information disclosure. Intel is releasing software updates to mitigate these potential vulnerabilities.
CVEID: CVE-2022-37409
Description: Insufficient control flow management for the Intel® IPP Cryptography software before version 2021.6 may allow an authenticated user to potentially enable information disclosure via local access.
CVSS Base Score: 4.7 Medium
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
CVEID: CVE-2022-41646
Description: Insufficient control flow management in the Intel® IPP Cryptography software before version 2021.6 may allow an unauthenticated user to potentially enable information disclosure via local access.
CVSS Base Score: 4.7 Medium
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
CVEID: CVE-2022-40974
Description: Incomplete cleanup in the Intel® IPP Cryptography software before version 2021.6 may allow a privileged user to potentially enable information disclosure via local access.
CVSS Base Score: 1.8 Low
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N
Intel® IPP Cryptography software before version 2021.6.
Intel recommends updating the Intel® IPP Cryptography software to version 2021.6 or later.
Updates are available for download at this location:
<https://github.com/intel/ipp-crypto/releases>
The following issues were found internally by Intel employees. Intel would like to thank Kevin Jacobs, Viktoria Gvozdeva, Igor Fedyaev and Elena Tyuleneva.
Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.