Intel Security Center: INTEL:INTEL-SA-00809
May 09, 2023 - 12:00 a.m.

Intel® QAT Driver Advisory

Intel Security Center
www.intel.com

EPSS: 0.0004 Low
Percentile: 12.7%

Summary:

Potential security vulnerabilities in some Intel® QuickAssist Technology (QAT) drivers may allow escalation of privilege, information disclosure or denial of service. Intel is releasing software updates to mitigate these potential vulnerabilities.

Vulnerability Details:

CVEID: CVE-2022-21804

Description: Out-of-bounds write in software for the Intel® QAT Driver for Windows before version 1.9.0-0008 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score: 8.4 High

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H

CVEID: CVE-2022-21239

Description: Out-of-bounds read in software for the Intel® QAT Driver for Windows before version 1.9.0-0008 may allow an authenticated user to potentially enable information disclosure via local access.

CVSS Base Score: 5.6 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

CVEID: CVE-2022-41808

Description: Improper buffer restriction in software for the Intel® QAT Driver for Linux before version 1.7.l.4.12 may allow an authenticated user to potentially enable denial of service via local access.

CVSS Base Score: 3.3 Low

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L


Affected Products:

Windows:

The Intel® QAT Driver for Windows before version 1.9.0-0008.

Linux:

The Intel® QAT Driver for Linux before version 1.7.l.4.12.

Recommendations:

Windows:

Intel recommends updating Intel® QAT Driver for Windows to version 1.9.0-0008 or later.

Updates are available for download at this location:

<https://www.intel.com/content/www/us/en/download/19732>

Linux:

Intel recommends updating Intel® QAT Driver for Linux to version 1.7.l.4.12 or later.

Updates are available for download at this location:

<https://01.org/sites/default/files/downloads/qat1.7.l.4.12.0-00011.tar.gz>

Acknowledgements:

Intel would like to thank Zimi of Alibaba Orion Security Lab (CVE-2022-21804 and CVE-2022-21229) for reporting these issues.

The following issue (CVE-2022-41808) was found internally by an Intel employee. Intel would like to thank Lukasz Odzioba.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.
