Vulnerability Description
Out-of-bounds read in some Intel(R) oneVPL GPU software before version 22.6.5 may allow an authenticated user to potentially enable information disclosure via local access.
CVSS Score
4.4
MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Intel | Onevpl Gpu Runtime | < 22.6.5 |
| Fedoraproject | Fedora | 37 |
Related Weaknesses (CWE)
References
- http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00818.hVendor Advisory
- https://lists.fedoraproject.org/archives/list/[email protected]Mailing ListThird Party Advisory
- https://lists.fedoraproject.org/archives/list/[email protected]Mailing ListThird Party Advisory
- https://lists.fedoraproject.org/archives/list/[email protected]Mailing ListThird Party Advisory
- http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00818.hVendor Advisory
- https://lists.fedoraproject.org/archives/list/[email protected]Mailing ListThird Party Advisory
- https://lists.fedoraproject.org/archives/list/[email protected]Mailing ListThird Party Advisory
- https://lists.fedoraproject.org/archives/list/[email protected]Mailing ListThird Party Advisory
FAQ
What is CVE-2023-22338?
CVE-2023-22338 is a vulnerability with a CVSS score of 4.4 (MEDIUM). Out-of-bounds read in some Intel(R) oneVPL GPU software before version 22.6.5 may allow an authenticated user to potentially enable information disclosure via local access.
How severe is CVE-2023-22338?
CVE-2023-22338 has been rated MEDIUM with a CVSS base score of 4.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-22338?
Check the references section above for vendor advisories and patch information. Affected products include: Intel Onevpl Gpu Runtime, Fedoraproject Fedora.