CVE-2023-22656

EUVD-2023-26786
Out-of-bounds read in Intel(R) Media SDK and some Intel(R) oneVPL software before version 23.3.5 may allow an authenticated user to potentially enable escalation of privilege via local access.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
3.9 LOW
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
intelCNA
3.9 LOW
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 6%
Affected Products (NVD)
VendorProductVersion
intelonevpl_gpu_runtime
𝑥
< 23.3.5
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
intel-mediasdk
bookworm
ignored
bullseye
vulnerable
onevpl-intel-gpu
bookworm
ignored
sid
24.3.4-1
fixed
trixie
24.3.4-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
intel-mediasdk
focal
needed
jammy
needed
noble
needed
oracular
needed
onevpl
focal
dne
jammy
needed
noble
needed
oracular
needed
Common Weakness Enumeration
References
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00935.html
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00935.html