Insufficient Randomness Vulnerability in Intel Quartus Prime Pro Edition for Linux
CVE-2023-24478

5.5MEDIUM

Key Information:

Vendor: Intel
Status: Intel Agilex(r) Software Included As Part Of Intel(r) Quartus(r) Prime Pro Edition For Linux
Vendor: CVE Published:; 15 August 2023

What is CVE-2023-24478?

An insufficient randomness vulnerability exists in Intel Quartus Prime Pro Edition for Linux prior to version 22.4. This flaw allows authenticated users to potentially exploit the software, leading to information disclosure via local access. The lack of properly random values could enable attackers to glean sensitive data, emphasizing the need for organizations to update to the latest version to mitigate associated risks.

Affected Version(s)

Intel Agilex(R) software included as part of Intel(R) Quartus(R) Prime Pro Edition for linux before version 22.4

References

http://www.intel.com/content/www/us/en/security-center/ad...

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 15, 2023
Vulnerability Reserved
Mar 1, 2023