Information Disclosure Vulnerability in Intel IPP Cryptography Software
CVE-2022-40974

1.8LOW

Key Information:

Vendor: Intel
Status: Intel(r) Ipp Cryptography Software
Vendor: CVE Published:; 10 May 2023

What is CVE-2022-40974?

An incomplete cleanup issue within Intel(R) IPP Cryptography software prior to version 2021.6 allows privileged users to potentially gain access to sensitive information through local access methods. This could lead to significant security concerns as unauthorized users may exploit the vulnerability to retrieve confidential data stored in memory.

Affected Version(s)

Intel(R) IPP Cryptography software before version 2021.6

References

https://www.intel.com/content/www/us/en/security-center/a...

CVSS V3.1

Score:

1.8

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 10, 2023
Vulnerability Reserved
Sep 29, 2022