Vulnerabilites related to intel - integrated_performance_primitives_cryptography
cve-2023-22355
Vulnerability from cvelistv5
Published
2023-05-10 13:17
Modified
2024-08-02 10:07
Summary
Uncontrolled search path in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.0.251 may allow an authenticated user to potentially enable escalation of privilege via local access.
Impacted products
Vendor Product Version
n/a Intel(R) oneAPI Toolkit and component software installers Version: before version 4.3.0.251
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T10:07:06.156Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00819.html",
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00819.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "Intel(R) oneAPI Toolkit and component software installers",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "before version 4.3.0.251",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Uncontrolled search path in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.0.251 may allow an authenticated user to potentially enable escalation of privilege via local access.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 6.7,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "escalation of privilege",
                     lang: "en",
                  },
                  {
                     cweId: "CWE-427",
                     description: "Uncontrolled search path",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-05-10T13:17:14.480Z",
            orgId: "6dda929c-bb53-4a77-a76d-48e79601a1ce",
            shortName: "intel",
         },
         references: [
            {
               name: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00819.html",
               url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00819.html",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "6dda929c-bb53-4a77-a76d-48e79601a1ce",
      assignerShortName: "intel",
      cveId: "CVE-2023-22355",
      datePublished: "2023-05-10T13:17:14.480Z",
      dateReserved: "2023-01-07T04:00:03.309Z",
      dateUpdated: "2024-08-02T10:07:06.156Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-41646
Vulnerability from cvelistv5
Published
2023-05-10 13:16
Modified
2024-08-03 12:49
Summary
Insufficient control flow management in the Intel(R) IPP Cryptography software before version 2021.6 may allow an unauthenticated user to potentially enable information disclosure via local access.
Impacted products
Vendor Product Version
n/a Intel(R) IPP Cryptography software Version: before version 2021.6
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T12:49:43.450Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00788.html",
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00788.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "Intel(R) IPP Cryptography software",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "before version 2021.6",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Insufficient control flow management in the Intel(R) IPP Cryptography software before version 2021.6 may allow an unauthenticated user to potentially enable information disclosure via local access.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "LOCAL",
                  availabilityImpact: "NONE",
                  baseScore: 4.7,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "information disclosure",
                     lang: "en",
                  },
                  {
                     cweId: "CWE-691",
                     description: "Insufficient control flow management",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-05-10T13:16:53.379Z",
            orgId: "6dda929c-bb53-4a77-a76d-48e79601a1ce",
            shortName: "intel",
         },
         references: [
            {
               name: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00788.html",
               url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00788.html",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "6dda929c-bb53-4a77-a76d-48e79601a1ce",
      assignerShortName: "intel",
      cveId: "CVE-2022-41646",
      datePublished: "2023-05-10T13:16:53.379Z",
      dateReserved: "2022-09-29T03:00:05.396Z",
      dateUpdated: "2024-08-03T12:49:43.450Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-0001
Vulnerability from cvelistv5
Published
2021-06-09 19:01
Modified
2024-08-03 15:25
Severity ?
Summary
Observable timing discrepancy in Intel(R) IPP before version 2020 update 1 may allow authorized user to potentially enable information disclosure via local access.
Impacted products
Vendor Product Version
n/a Intel(R) IPP Version: before version 2020 update 1
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T15:25:01.810Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00477.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Intel(R) IPP",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "before version 2020 update 1",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Observable timing discrepancy in Intel(R) IPP before version 2020 update 1 may allow authorized user to potentially enable information disclosure via local access.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "information disclosure",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-06-09T19:01:55",
            orgId: "6dda929c-bb53-4a77-a76d-48e79601a1ce",
            shortName: "intel",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00477.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secure@intel.com",
               ID: "CVE-2021-0001",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Intel(R) IPP",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "before version 2020 update 1",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Observable timing discrepancy in Intel(R) IPP before version 2020 update 1 may allow authorized user to potentially enable information disclosure via local access.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "information disclosure",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00477.html",
                     refsource: "MISC",
                     url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00477.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "6dda929c-bb53-4a77-a76d-48e79601a1ce",
      assignerShortName: "intel",
      cveId: "CVE-2021-0001",
      datePublished: "2021-06-09T19:01:55",
      dateReserved: "2020-10-22T00:00:00",
      dateUpdated: "2024-08-03T15:25:01.810Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-37409
Vulnerability from cvelistv5
Published
2023-05-10 13:16
Modified
2024-08-03 10:29
Summary
Insufficient control flow management for the Intel(R) IPP Cryptography software before version 2021.6 may allow an authenticated user to potentially enable information disclosure via local access.
Impacted products
Vendor Product Version
n/a Intel(R) IPP Cryptography software Version: before version 2021.6
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T10:29:21.029Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00788.html",
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00788.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "Intel(R) IPP Cryptography software",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "before version 2021.6",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Insufficient control flow management for the Intel(R) IPP Cryptography software before version 2021.6 may allow an authenticated user to potentially enable information disclosure via local access.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "LOCAL",
                  availabilityImpact: "NONE",
                  baseScore: 4.7,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "NONE",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "information disclosure",
                     lang: "en",
                  },
                  {
                     cweId: "CWE-691",
                     description: "Insufficient control flow management",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-05-10T13:16:52.817Z",
            orgId: "6dda929c-bb53-4a77-a76d-48e79601a1ce",
            shortName: "intel",
         },
         references: [
            {
               name: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00788.html",
               url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00788.html",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "6dda929c-bb53-4a77-a76d-48e79601a1ce",
      assignerShortName: "intel",
      cveId: "CVE-2022-37409",
      datePublished: "2023-05-10T13:16:52.817Z",
      dateReserved: "2022-09-29T03:00:05.142Z",
      dateUpdated: "2024-08-03T10:29:21.029Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2018-3691
Vulnerability from cvelistv5
Published
2018-06-05 21:00
Modified
2024-09-16 20:01
Severity ?
Summary
Some implementations in Intel Integrated Performance Primitives Cryptography Library before version 2018 U3.1 do not properly ensure constant execution time.
Impacted products
Vendor Product Version
Intel Corporation Integrated Performance Primitives Cryptography Library Version: before 2018 U3.1
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T04:50:30.508Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00106.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Integrated Performance Primitives Cryptography Library",
               vendor: "Intel Corporation",
               versions: [
                  {
                     status: "affected",
                     version: "before 2018 U3.1",
                  },
               ],
            },
         ],
         datePublic: "2018-06-04T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Some implementations in Intel Integrated Performance Primitives Cryptography Library before version 2018 U3.1 do not properly ensure constant execution time.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Information Disclosure",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-07-10T17:57:01",
            orgId: "6dda929c-bb53-4a77-a76d-48e79601a1ce",
            shortName: "intel",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00106.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secure@intel.com",
               DATE_PUBLIC: "2018-06-04T00:00:00",
               ID: "CVE-2018-3691",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Integrated Performance Primitives Cryptography Library",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "before 2018 U3.1",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Intel Corporation",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Some implementations in Intel Integrated Performance Primitives Cryptography Library before version 2018 U3.1 do not properly ensure constant execution time.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Information Disclosure",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00106.html",
                     refsource: "CONFIRM",
                     url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00106.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "6dda929c-bb53-4a77-a76d-48e79601a1ce",
      assignerShortName: "intel",
      cveId: "CVE-2018-3691",
      datePublished: "2018-06-05T21:00:00Z",
      dateReserved: "2017-12-28T00:00:00",
      dateUpdated: "2024-09-16T20:01:38.691Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-33147
Vulnerability from cvelistv5
Published
2022-02-09 22:04
Modified
2024-08-03 23:42
Severity ?
Summary
Improper conditions check in the Intel(R) IPP Crypto library before version 2021.2 may allow an authenticated user to potentially enable information disclosure via local access.
Impacted products
Vendor Product Version
n/a Intel(R) IPP Crypto library Version: before version 2021.2
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T23:42:20.199Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00600.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Intel(R) IPP Crypto library",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "before version 2021.2",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Improper conditions check in the Intel(R) IPP Crypto library before version 2021.2 may allow an authenticated user to potentially enable information disclosure via local access.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: " information disclosure ",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-02-09T22:04:42",
            orgId: "6dda929c-bb53-4a77-a76d-48e79601a1ce",
            shortName: "intel",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00600.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secure@intel.com",
               ID: "CVE-2021-33147",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Intel(R) IPP Crypto library",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "before version 2021.2",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Improper conditions check in the Intel(R) IPP Crypto library before version 2021.2 may allow an authenticated user to potentially enable information disclosure via local access.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: " information disclosure ",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00600.html",
                     refsource: "MISC",
                     url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00600.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "6dda929c-bb53-4a77-a76d-48e79601a1ce",
      assignerShortName: "intel",
      cveId: "CVE-2021-33147",
      datePublished: "2022-02-09T22:04:42",
      dateReserved: "2021-05-18T00:00:00",
      dateUpdated: "2024-08-03T23:42:20.199Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-40974
Vulnerability from cvelistv5
Published
2023-05-10 13:16
Modified
2024-08-03 12:28
Summary
Incomplete cleanup in the Intel(R) IPP Cryptography software before version 2021.6 may allow a privileged user to potentially enable information disclosure via local access.
Impacted products
Vendor Product Version
n/a Intel(R) IPP Cryptography software Version: before version 2021.6
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T12:28:42.952Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00788.html",
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00788.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "Intel(R) IPP Cryptography software",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "before version 2021.6",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Incomplete cleanup in the Intel(R) IPP Cryptography software before version 2021.6 may allow a privileged user to potentially enable information disclosure via local access.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "LOCAL",
                  availabilityImpact: "NONE",
                  baseScore: 1.8,
                  baseSeverity: "LOW",
                  confidentialityImpact: "LOW",
                  integrityImpact: "NONE",
                  privilegesRequired: "HIGH",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "information disclosure",
                     lang: "en",
                  },
                  {
                     cweId: "CWE-459",
                     description: "Incomplete cleanup",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-05-10T13:16:53.962Z",
            orgId: "6dda929c-bb53-4a77-a76d-48e79601a1ce",
            shortName: "intel",
         },
         references: [
            {
               name: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00788.html",
               url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00788.html",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "6dda929c-bb53-4a77-a76d-48e79601a1ce",
      assignerShortName: "intel",
      cveId: "CVE-2022-40974",
      datePublished: "2023-05-10T13:16:53.962Z",
      dateReserved: "2022-09-29T03:00:05.366Z",
      dateUpdated: "2024-08-03T12:28:42.952Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

Vulnerability from fkie_nvd
Published
2022-02-09 23:15
Modified
2024-11-21 06:08
Summary
Improper conditions check in the Intel(R) IPP Crypto library before version 2021.2 may allow an authenticated user to potentially enable information disclosure via local access.
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:intel:integrated_performance_primitives_cryptography:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "5F6D9ADC-0961-4FC7-9419-BA7C7E7C64B2",
                     versionEndExcluding: "2021.2",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Improper conditions check in the Intel(R) IPP Crypto library before version 2021.2 may allow an authenticated user to potentially enable information disclosure via local access.",
      },
      {
         lang: "es",
         value: "Una comprobación de condiciones inapropiadas en la biblioteca Intel(R) IPP Crypto versiones anteriores a 2021.2, puede permitir a un usuario autenticado habilitar potencialmente una divulgación de información por medio del acceso local",
      },
   ],
   id: "CVE-2021-33147",
   lastModified: "2024-11-21T06:08:25.353",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "LOW",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 2.1,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "NONE",
               baseScore: 5.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-02-09T23:15:15.783",
   references: [
      {
         source: "secure@intel.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00600.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00600.html",
      },
   ],
   sourceIdentifier: "secure@intel.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-754",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-05-10 14:15
Modified
2024-11-21 07:44
Summary
Uncontrolled search path in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.0.251 may allow an authenticated user to potentially enable escalation of privilege via local access.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:intel:advisor:*:*:*:*:*:oneapi:*:*",
                     matchCriteriaId: "ACFF62CB-DC95-4A03-8886-E3DE682ECF45",
                     versionEndExcluding: "2023.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:intel:cpu_runtime:*:*:*:*:*:opencl:*:*",
                     matchCriteriaId: "65B36180-4945-4A43-B2AD-B917C6FA052C",
                     versionEndExcluding: "2023.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:intel:distribution_for_python:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "1CF57C55-C87E-428C-9634-158AA00C4717",
                     versionEndExcluding: "2023.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:intel:dpc\\+\\+_compatibility_tool:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "EFA35C90-15A8-492A-82AA-EB90B5A64CC3",
                     versionEndExcluding: "2023.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:intel:embree_ray_tracing_kernel_library:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "2B39BDDD-5AED-4E02-A856-330F54E7660A",
                     versionEndExcluding: "2023.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:intel:fortran_compiler:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0160EA22-BD65-4674-97A0-D10CE4171895",
                     versionEndExcluding: "2023.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:intel:implicit_spmd_program_compiler:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3CC2A97B-1E5D-4076-BC33-2137275B80EB",
                     versionEndExcluding: "1.18.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:intel:inspector:*:*:*:*:*:oneapi:*:*",
                     matchCriteriaId: "FDDBD13A-D43F-4855-912A-D1AD78C42B63",
                     versionEndExcluding: "2023.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:intel:integrated_performance_primitives:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "1200A0B0-FE28-424D-B225-5A9FBA381F59",
                     versionEndExcluding: "2021.7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:intel:integrated_performance_primitives_cryptography:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "92634595-EBED-490B-8C5D-E0628B5671C1",
                     versionEndExcluding: "2021.6.3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:intel:mpi_library:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "73AD7DE0-4634-4760-863D-705CEFF0D531",
                     versionEndExcluding: "2021.8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:intel:oneapi_base_toolkit:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "77F68C74-6AEB-4586-A9A1-2AA4CABC992D",
                     versionEndExcluding: "2023.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:intel:oneapi_data_analytics_library:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "6DDFCC4E-E137-40BA-B6A3-9650D8FB9DA9",
                     versionEndExcluding: "2023.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:intel:oneapi_deep_neural_network_library:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "12E76EDE-CA0D-4861-80EE-A7A860F2F6AE",
                     versionEndExcluding: "2023.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:intel:oneapi_dpc\\+\\+\\/c\\+\\+_compiler:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "91F934F2-5D53-449D-8033-31C01BF99A1E",
                     versionEndExcluding: "2023.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:intel:oneapi_dpc\\+\\+_library:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "DF697BE5-6DDE-40AD-853F-CA1C05638E1C",
                     versionEndExcluding: "2022.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:intel:oneapi_hpc_toolkit:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "6728C973-7E1D-46EB-BE07-E572A09B5D96",
                     versionEndExcluding: "2023.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:intel:oneapi_hpc_toolkit:2023.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "D0726E01-A9D7-4D32-92C5-4D7673A7DDC3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:intel:oneapi_iot_toolkit:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "04049E09-EA46-4270-844A-722AD33E9305",
                     versionEndExcluding: "2023.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:intel:oneapi_math_kernel_library:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "42A7BFFF-DEB1-42F4-984F-3462DEF40A41",
                     versionEndExcluding: "2023.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:intel:oneapi_rendering_toolkit:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "9962AA12-66F5-4545-88FE-2EF3A671E904",
                     versionEndExcluding: "2023.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:intel:oneapi_threading_building_blocks:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "85C9E5C6-95FA-4C62-B18A-13FAE13E3AD5",
                     versionEndExcluding: "2021.8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:intel:oneapi_toolkit_and_component_software_installers:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "850130A2-4C4D-4E0A-A5B6-62619B673290",
                     versionEndExcluding: "4.3.0.251",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:intel:oneapi_video_processing_library:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "06201FF4-6ED4-4E41-A356-738A4E5F8AEC",
                     versionEndExcluding: "2023.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:intel:open_image_denoise:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "65B820BD-07FB-48AC-B3E4-F3DCAB991C9B",
                     versionEndExcluding: "1.4.3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:intel:open_volume_kernel_library:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8D7C18F6-10F1-49DC-93BC-C5A0A170F404",
                     versionEndExcluding: "2023.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:intel:ospray:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0DA13265-18CF-46A0-89FE-2249E9DAF597",
                     versionEndExcluding: "2023.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:intel:ospray_studio:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "1BABB997-985A-4BAC-93CA-FB7CD0CE545F",
                     versionEndExcluding: "2023.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:intel:trace_analyzer_and_collector:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "BA7E18CB-DCAF-4EA3-95BE-4FF68783E2C8",
                     versionEndExcluding: "2021.8.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:intel:vtune_profiler:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "B852D3CA-B710-4686-9414-5D0FDEF0C4B3",
                     versionEndExcluding: "2023.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Uncontrolled search path in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.0.251 may allow an authenticated user to potentially enable escalation of privilege via local access.",
      },
   ],
   id: "CVE-2023-22355",
   lastModified: "2024-11-21T07:44:37.140",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 6.7,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 0.8,
            impactScore: 5.9,
            source: "secure@intel.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 7.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-05-10T14:15:27.240",
   references: [
      {
         source: "secure@intel.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00819.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00819.html",
      },
   ],
   sourceIdentifier: "secure@intel.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-427",
            },
         ],
         source: "secure@intel.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-427",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2021-06-09 20:15
Modified
2024-11-21 05:41
Summary
Observable timing discrepancy in Intel(R) IPP before version 2020 update 1 may allow authorized user to potentially enable information disclosure via local access.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:intel:integrated_performance_primitives_cryptography:2019:-:*:*:*:*:*:*",
                     matchCriteriaId: "C228B092-D84F-4A92-B9A7-C85E069ACE04",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:intel:integrated_performance_primitives_cryptography:2019:update_1:*:*:*:*:*:*",
                     matchCriteriaId: "1D59D26E-C3A9-425D-BF47-9F100406B55C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:intel:integrated_performance_primitives_cryptography:2019:update_2:*:*:*:*:*:*",
                     matchCriteriaId: "A5E59DAE-EDD5-41E2-81EB-68CCEE6111C4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:intel:integrated_performance_primitives_cryptography:2019:update_3:*:*:*:*:*:*",
                     matchCriteriaId: "43B76D8D-6BF9-4468-896B-C41E777E2B19",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:intel:integrated_performance_primitives_cryptography:2019:update_4:*:*:*:*:*:*",
                     matchCriteriaId: "46B03979-727A-4230-8B35-7BC9F4C24D7C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:intel:integrated_performance_primitives_cryptography:2020:-:*:*:*:*:*:*",
                     matchCriteriaId: "6FCBAD61-98CA-4FC4-B748-E2367EF8D4C4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:intel:sgx_dcap:*:*:*:*:*:linux:*:*",
                     matchCriteriaId: "051C831D-C8FB-41F5-B2B9-152C7B7FE66D",
                     versionEndIncluding: "1.10.100.4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:intel:sgx_dcap:*:*:*:*:*:windows:*:*",
                     matchCriteriaId: "7D87FA8C-54D8-4C79-9A46-59563B6A1B05",
                     versionEndIncluding: "1.10.100.4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:intel:sgx_psw:*:*:*:*:*:windows:*:*",
                     matchCriteriaId: "0347067C-4AEC-4F6A-B35B-21671FC553F4",
                     versionEndIncluding: "2.12.100.4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:intel:sgx_psw:*:*:*:*:*:linux:*:*",
                     matchCriteriaId: "6BEB7E68-4C75-42E4-AF30-4643CF166F70",
                     versionEndIncluding: "2.13.100.4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:intel:sgx_sdk:*:*:*:*:*:windows:*:*",
                     matchCriteriaId: "B5717416-A859-45C8-BBF1-F33AF80536B3",
                     versionEndIncluding: "2.12.100.4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:intel:sgx_sdk:*:*:*:*:*:linux:*:*",
                     matchCriteriaId: "3643652F-9986-48AB-A479-91BC7AFB2847",
                     versionEndIncluding: "2.13.100.4",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Observable timing discrepancy in Intel(R) IPP before version 2020 update 1 may allow authorized user to potentially enable information disclosure via local access.",
      },
      {
         lang: "es",
         value: "Una discrepancia de tiempo observable en Intel® IPP versiones anteriores a 2020 update 1, puede permitir a un usuario autorizado permitir potencialmente una divulgación de información por medio de un acceso local",
      },
   ],
   id: "CVE-2021-0001",
   lastModified: "2024-11-21T05:41:40.300",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "LOW",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 2.1,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "LOCAL",
               availabilityImpact: "NONE",
               baseScore: 4.7,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 1,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-06-09T20:15:08.180",
   references: [
      {
         source: "secure@intel.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00477.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00477.html",
      },
   ],
   sourceIdentifier: "secure@intel.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-203",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-05-10 14:15
Modified
2024-11-21 07:14
Summary
Insufficient control flow management for the Intel(R) IPP Cryptography software before version 2021.6 may allow an authenticated user to potentially enable information disclosure via local access.
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:intel:integrated_performance_primitives_cryptography:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "B9B35574-6866-47EF-84BF-7940317719F6",
                     versionEndExcluding: "2021.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Insufficient control flow management for the Intel(R) IPP Cryptography software before version 2021.6 may allow an authenticated user to potentially enable information disclosure via local access.",
      },
   ],
   id: "CVE-2022-37409",
   lastModified: "2024-11-21T07:14:56.533",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "LOCAL",
               availabilityImpact: "NONE",
               baseScore: 4.7,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 1,
            impactScore: 3.6,
            source: "secure@intel.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "NONE",
               baseScore: 5.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-05-10T14:15:13.647",
   references: [
      {
         source: "secure@intel.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00788.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00788.html",
      },
   ],
   sourceIdentifier: "secure@intel.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-691",
            },
         ],
         source: "secure@intel.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2018-06-05 21:29
Modified
2024-11-21 04:05
Summary
Some implementations in Intel Integrated Performance Primitives Cryptography Library before version 2018 U3.1 do not properly ensure constant execution time.
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:intel:integrated_performance_primitives_cryptography:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "73156E64-C4CB-4206-9062-BF30020BCE3D",
                     versionEndExcluding: "2018_u3.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Some implementations in Intel Integrated Performance Primitives Cryptography Library before version 2018 U3.1 do not properly ensure constant execution time.",
      },
      {
         lang: "es",
         value: "Algunas implementaciones en Intel Integrated Performance Primitives Cryptography Library anteriores a la versión 2018 U3.1 no aseguran correctamente un tiempo de ejecución constante.",
      },
   ],
   id: "CVE-2018-3691",
   lastModified: "2024-11-21T04:05:53.853",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "LOW",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 1.9,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:L/AC:M/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 3.4,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "LOCAL",
               availabilityImpact: "NONE",
               baseScore: 4.7,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
               version: "3.0",
            },
            exploitabilityScore: 1,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2018-06-05T21:29:00.993",
   references: [
      {
         source: "secure@intel.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00106.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00106.html",
      },
   ],
   sourceIdentifier: "secure@intel.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-05-10 14:15
Modified
2024-11-21 07:22
Summary
Incomplete cleanup in the Intel(R) IPP Cryptography software before version 2021.6 may allow a privileged user to potentially enable information disclosure via local access.
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:intel:integrated_performance_primitives_cryptography:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "B9B35574-6866-47EF-84BF-7940317719F6",
                     versionEndExcluding: "2021.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Incomplete cleanup in the Intel(R) IPP Cryptography software before version 2021.6 may allow a privileged user to potentially enable information disclosure via local access.",
      },
   ],
   id: "CVE-2022-40974",
   lastModified: "2024-11-21T07:22:20.190",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "LOCAL",
               availabilityImpact: "NONE",
               baseScore: 1.8,
               baseSeverity: "LOW",
               confidentialityImpact: "LOW",
               integrityImpact: "NONE",
               privilegesRequired: "HIGH",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 0.3,
            impactScore: 1.4,
            source: "secure@intel.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "NONE",
               baseScore: 5.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-05-10T14:15:15.933",
   references: [
      {
         source: "secure@intel.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00788.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00788.html",
      },
   ],
   sourceIdentifier: "secure@intel.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-459",
            },
         ],
         source: "secure@intel.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-459",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-05-10 14:15
Modified
2024-11-21 07:23
Summary
Insufficient control flow management in the Intel(R) IPP Cryptography software before version 2021.6 may allow an unauthenticated user to potentially enable information disclosure via local access.
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:intel:integrated_performance_primitives_cryptography:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "B9B35574-6866-47EF-84BF-7940317719F6",
                     versionEndExcluding: "2021.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Insufficient control flow management in the Intel(R) IPP Cryptography software before version 2021.6 may allow an unauthenticated user to potentially enable information disclosure via local access.",
      },
   ],
   id: "CVE-2022-41646",
   lastModified: "2024-11-21T07:23:33.540",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "LOCAL",
               availabilityImpact: "NONE",
               baseScore: 4.7,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 1,
            impactScore: 3.6,
            source: "secure@intel.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "NONE",
               baseScore: 5.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-05-10T14:15:17.533",
   references: [
      {
         source: "secure@intel.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00788.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00788.html",
      },
   ],
   sourceIdentifier: "secure@intel.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-691",
            },
         ],
         source: "secure@intel.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}