CVE-2023-48368 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	5.9 MEDIUM	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H
intel	CNA	5.9 MEDIUM	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 7%

Affected Products (NVD)

Vendor	Product	Version
intel	media_sdk	*

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

intel-mediasdk

bookworm	ignored
bullseye	vulnerable

onevpl-intel-gpu

bookworm	ignored
sid	24.3.4-1 fixed
trixie	24.3.4-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

intel-mediasdk

focal	needed
jammy	needed
noble	needed
oracular	needed

Common Weakness Enumeration

CWE-20 - Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

References

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00935.html

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00935.html