CVE-2023-22656

EUVD-2023-26786
Out-of-bounds read in Intel(R) Media SDK and some Intel(R) oneVPL software before version 23.3.5 may allow an authenticated user to potentially enable escalation of privilege via local access.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
3.9 LOW
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 21%
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
intelonevpl_gpu_runtime
𝑥
< 23.3.5
ADP
Debian logo
Debian Releases
Debian Product
Codename
intel-mediasdk
bookworm
ignored
bullseye
vulnerable
onevpl-intel-gpu
bookworm
ignored
sid
24.3.4-1
fixed
trixie
24.3.4-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
intel-mediasdk
focal
needed
jammy
needed
noble
needed
oracular
needed
onevpl
focal
dne
jammy
needed
noble
needed
oracular
needed
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
gstreamer-plugins-bad
suse enterprise desktop 15 SP5
1.22.0-150500.3.25.2
fixed
suse enterprise sap 15 SP5
1.22.0-150500.3.25.2
fixed
suse enterprise server 15 SP2
1.16.3-150200.4.22.1
fixed
suse enterprise server 15 SP4
1.20.1-150400.3.23.2
fixed
suse enterprise server 15 SP5
1.22.0-150500.3.25.2
fixed
gstreamer-plugins-bad-chromaprint
suse enterprise desktop 15 SP5
1.22.0-150500.3.25.2
fixed
suse enterprise sap 15 SP5
1.22.0-150500.3.25.2
fixed
suse enterprise server 15 SP2
1.16.3-150200.4.22.1
fixed
suse enterprise server 15 SP4
1.20.1-150400.3.23.2
fixed
suse enterprise server 15 SP5
1.22.0-150500.3.25.2
fixed
gstreamer-plugins-bad-devel
suse enterprise desktop 15 SP5
1.22.0-150500.3.25.2
fixed
suse enterprise sap 15 SP5
1.22.0-150500.3.25.2
fixed
suse enterprise server 15 SP2
1.16.3-150200.4.22.1
fixed
suse enterprise server 15 SP4
1.20.1-150400.3.23.2
fixed
suse enterprise server 15 SP5
1.22.0-150500.3.25.2
fixed
gstreamer-plugins-bad-lang
suse enterprise desktop 15 SP5
1.22.0-150500.3.25.2
fixed
suse enterprise sap 15 SP5
1.22.0-150500.3.25.2
fixed
suse enterprise server 15 SP2
1.16.3-150200.4.22.1
fixed
suse enterprise server 15 SP4
1.20.1-150400.3.23.2
fixed
suse enterprise server 15 SP5
1.22.0-150500.3.25.2
fixed
libmfx1
suse enterprise desktop 15 SP5
22.6.1-150500.3.5.1
fixed
suse enterprise sap 15 SP5
22.6.1-150500.3.5.1
fixed
suse enterprise server 15 SP4
21.3.4-150400.3.5.1
fixed
suse enterprise server 15 SP5
22.6.1-150500.3.5.1
fixed
Common Weakness Enumeration
References
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00935.html
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00935.html