CVE-2023-22338

MEDIUM

Intel oneVPL <22.6.5 - Info Disclosure

Title source: llm

Description

Out-of-bounds read in some Intel(R) oneVPL GPU software before version 22.6.5 may allow an authenticated user to potentially enable information disclosure via local access.

References (4)

Core 4

Core References

Vendor Advisory

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00818.html

Mailing List, Third Party Advisory

https://lists.fedoraproject.org/archives/list/[email protected]/message/J7RNFPWOSFII2JE2KDRHPLJANZC3YATW/

Mailing List, Third Party Advisory

https://lists.fedoraproject.org/archives/list/[email protected]/message/L27GRS7E45IOCZ44VQX2NJ33GVRBWHBS/

Mailing List, Third Party Advisory

https://lists.fedoraproject.org/archives/list/[email protected]/message/TULYSWHC3X76AIGGMUSLBTWOXNND6IEV/

Scores

CVSS v3 4.4

EPSS 0.0004

EPSS Percentile 12.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-125

Status published

Products (4)

fedoraproject/fedora 37

fedoraproject/fedora 38

fedoraproject/fedora 39

intel/onevpl_gpu_runtime < 22.6.5

Published Aug 11, 2023

Tracked Since Feb 18, 2026