Information disclosure in Intel IPP

Published: 2018-12-07 22:52:59
Severity Low
Patch available YES
Number of vulnerabilities 1
CVE ID CVE-2018-12155
CVSSv3 4.1 [CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CWE ID CWE-200
Exploitation vector Local
Public exploit N/A
Vulnerable software Intel Integrated Performance Primitives
Vulnerable software versions Intel Integrated Performance Primitives 2018 U2.1
Intel Integrated Performance Primitives 9.0
Intel Integrated Performance Primitives 8.2

Show more

Vendor URL Intel

Security Advisory

1) Information disclosure

Description

The vulnerability allows a local attacker to obtain potentially sensitive information.

The vulnerability exists due to data leakage that may occur in certain cryptographic libraries used by the affected software. A local attacker can access sensitive information that can be used to conduct further attacks.

Remediation

Update to version 2019 Update 1.

External links

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00202.html

Back to List