CVE-2023-48368 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	5.9 MEDIUM	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H
intel	CNA	5.9 MEDIUM	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H
CISA-ADP	ADP	---				---
CVE	ADP	---				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 5%

Debian Releases

Debian Product

Codename

intel-mediasdk

bullseye	vulnerable
bookworm	ignored

onevpl-intel-gpu

bookworm	ignored
sid	24.3.4-1 fixed
trixie	24.3.4-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

intel-mediasdk

oracular	needed
noble	needed
jammy	needed
focal	needed

Common Weakness Enumeration

CWE-20 - Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

References

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00935.html

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00935.html