Information Disclosure Vulnerability in Intel IPP Cryptography Software
CVE-2022-40974

1.8LOW

Key Information:

Vendor: Intel
Status: Intel(r) Ipp Cryptography Software
Vendor: CVE Published:; 10 May 2023

Summary

An incomplete cleanup issue within Intel(R) IPP Cryptography software prior to version 2021.6 allows privileged users to potentially gain access to sensitive information through local access methods. This could lead to significant security concerns as unauthorized users may exploit the vulnerability to retrieve confidential data stored in memory.

Affected Version(s)

Intel(R) IPP Cryptography software before version 2021.6

References

https://www.intel.com/content/www/us/en/security-center/a...

CVSS V3.1

Score:

1.8

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
May 10, 2023
Vulnerability Reserved
Sep 29, 2022