CVE-2023-48727

NULL pointer dereference in some Intel(R) oneVPL software before version 23.3.5 may allow an authenticated user to potentially enable information disclosure via local access.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
3.3 LOW
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
intelCNA
3.3 LOW
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CISA-ADPADP
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 1%
VendorProductVersion
intelonevpl_gpu_runtime
𝑥
< 23.3.5
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
intel-mediasdk
bullseye
vulnerable
bookworm
ignored
onevpl-intel-gpu
bookworm
ignored
sid
24.3.4-1
fixed
trixie
24.3.4-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
onevpl
oracular
needed
noble
needed
jammy
needed
focal
dne
Common Weakness Enumeration
References
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00935.html
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00935.html