CVE-2023-22840 : Improper neutralization in software for the Intel(R) oneVPL GPU software before

Improper neutralization in software for the Intel(R) oneVPL GPU software before version 22.6.5 may allow an authenticated user to potentially enable denial of service via local access.

Published 2023-08-11 03:15:18

Updated 2023-11-08 03:10:50

Source Intel Corporation

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2023-22840

Intel » Onevpl Gpu Runtime
Versions before (<) 22.6.5
cpe:2.3:a:intel:onevpl_gpu_runtime:*:*:*:*:*:*:*:*
Matching versions
Fedoraproject » Fedora » Version: 37
cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
Matching versions
Fedoraproject » Fedora » Version: 38
cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
Matching versions
Fedoraproject » Fedora » Version: 39
cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2023-22840

EPSS FAQ

0.06%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 15 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-22840

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.5	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H	1.8	3.6	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High
3.3	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L	1.8	1.4	Intel Corporation
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: Low

CWE ids for CVE-2023-22840

CWE-86 Improper Neutralization of Invalid Characters in Identifiers in Web Pages

The product does not neutralize or incorrectly neutralizes invalid characters or byte sequences in the middle of tag names, URI schemes, and other identifiers.

Assigned by: secure@intel.com (Secondary)

References for CVE-2023-22840

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J7RNFPWOSFII2JE2KDRHPLJANZC3YATW/

[SECURITY] Fedora 38 Update: oneVPL-2023.3.1-1.fc38 - package-announce - Fedora Mailing-Lists
Mailing List;Third Party Advisory

CVEs referencing this url
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TULYSWHC3X76AIGGMUSLBTWOXNND6IEV/

[SECURITY] Fedora 37 Update: oneVPL-intel-gpu-23.3.4-2.fc37 - package-announce - Fedora Mailing-Lists
Issue Tracking;Third Party Advisory

CVEs referencing this url
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L27GRS7E45IOCZ44VQX2NJ33GVRBWHBS/

[SECURITY] Fedora 39 Update: oneVPL-intel-gpu-23.3.4-2.fc39 - package-announce - Fedora Mailing-Lists
Issue Tracking;Third Party Advisory

CVEs referencing this url
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00818.html

Access Denied
Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2023-22840

Products affected by CVE-2023-22840

Exploit prediction scoring system (EPSS) score for CVE-2023-22840

CVSS scores for CVE-2023-22840

CWE ids for CVE-2023-22840

References for CVE-2023-22840