CVE-2023-48727

EUVD-2023-52761
NULL pointer dereference in some Intel(R) oneVPL software before version 23.3.5 may allow an authenticated user to potentially enable information disclosure via local access.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
3.3 LOW
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
intelCNA
3.3 LOW
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 10%
Affected Products (NVD)
VendorProductVersion
intelonevpl_gpu_runtime
𝑥
< 23.3.5
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
intel-mediasdk
bookworm
ignored
bullseye
vulnerable
onevpl-intel-gpu
bookworm
ignored
sid
24.3.4-1
fixed
trixie
24.3.4-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
onevpl
focal
dne
jammy
needed
noble
needed
oracular
needed
Common Weakness Enumeration
References
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00935.html
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00935.html