Intel oneVPL Software Vulnerability Could Lead to Information Disclosure
CVE-2023-48727

3.3LOW

Key Information:

Vendor: Intel
Status: Intel(r) Onevpl Software
Vendor: CVE Published:; 16 May 2024

Summary

A vulnerability exists in Intel oneVPL software that allows an authenticated user to exploit a NULL pointer dereference, resulting in the potential for information disclosure. This issue may occur before version 23.3.5 and poses risks when local access is gained by a malicious user. The nature of the vulnerability highlights the need for timely software updates and rigorous security practices in safeguarding sensitive information.

Affected Version(s)

Intel(R) oneVPL software before version 23.3.5

References

https://www.intel.com/content/www/us/en/security-center/a...

CVSS V3.1

Score:

3.3

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 16, 2024
Vulnerability Reserved
Nov 27, 2023