Open CAS Advisory

Summary:

A potential security vulnerability in the Open Cache Acceleration Software (CAS) for Linux maintained by Intel may allow information disclosure. Intel is releasing software updates to mitigate this potential vulnerability.

Vulnerability Details:

CVEID: CVE-2023-22447

Description: Insertion of sensitive information into log file in the Open CAS software for Linux maintained by Intel before version 22.6.2 may allow a privileged user to potentially enable information disclosure via local access.

CVSS Base Score: 2.0 Low

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N

Affected Products:

Open CAS software for Linux maintained by Intel before version 22.6.2.

Recommendations:

Intel recommends updating Open CAS software for Linux maintained by Intel to version 22.6.2 or later.

Updates are available for download at this location:

<https://github.com/Open-CAS/open-cas-linux/releases&gt;

Acknowledgements:

This issue was found internally by Intel employees.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.