CVE-2023-32641 - Vulnerability Details - OpenCVE

Improper input validation in firmware for Intel(R) QAT before version QAT20.L.1.0.40-00004 may allow escalation of privilege and denial of service via adjacent access.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required Low

Scope Changed

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Intel	Quickassist Technology

Configuration 1 [-]

cpe:2.3:a:intel:quickassist_technology:*:*:*:*:*:linux:*:*

No data.

References

Link	Providers
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00945.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: intel

Published: 2023-11-14T19:04:54.038Z

Updated: 2024-08-30T15:16:47.679Z

Reserved: 2023-06-06T03:00:04.994Z

Link: CVE-2023-32641

Vulnrichment

Updated: 2024-08-02T15:25:36.617Z

NVD

Status : Modified

Published: 2023-11-14T19:15:26.043

Modified: 2024-11-21T08:03:45.287

Link: CVE-2023-32641

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-32641", "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "state": "PUBLISHED", "assignerShortName": "intel", "dateReserved": "2023-06-06T03:00:04.994Z", "datePublished": "2023-11-14T19:04:54.038Z", "dateUpdated": "2024-08-30T15:16:47.679Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel", "dateUpdated": "2023-11-14T19:04:54.038Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "description": "escalation of privilege, denial of service"}, {"lang": "en", "description": "Improper input validation", "cweId": "CWE-20", "type": "CWE"}]}], "affected": [{"vendor": "n/a", "product": "Intel(R) QAT", "versions": [{"version": "before version QAT20.L.1.0.40-00004", "status": "affected"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Improper input validation in firmware for Intel(R) QAT before version QAT20.L.1.0.40-00004 may allow escalation of privilege and denial of service via adjacent access."}], "references": [{"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00945.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00945.html"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:H", "attackVector": "ADJACENT_NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T15:25:36.617Z"}, "title": "CVE Program Container", "references": [{"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00945.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00945.html", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-30T15:03:47.434106Z", "id": "CVE-2023-32641", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-30T15:16:47.679Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00945.html", "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00945.html", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T15:25:36.617Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-32641", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-08-30T15:03:47.434106Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-30T15:16:42.611Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "n/a", "product": "Intel(R) QAT", "versions": [{"status": "affected", "version": "before version QAT20.L.1.0.40-00004"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00945.html", "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00945.html"}], "descriptions": [{"lang": "en", "value": "Improper input validation in firmware for Intel(R) QAT before version QAT20.L.1.0.40-00004 may allow escalation of privilege and denial of service via adjacent access."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "escalation of privilege, denial of service"}, {"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "Improper input validation"}]}], "providerMetadata": {"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel", "dateUpdated": "2023-11-14T19:04:54.038Z"}}}, "cveMetadata": {"cveId": "CVE-2023-32641", "state": "PUBLISHED", "dateUpdated": "2024-08-30T15:16:47.679Z", "dateReserved": "2023-06-06T03:00:04.994Z", "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "datePublished": "2023-11-14T19:04:54.038Z", "assignerShortName": "intel"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:intel:quickassist_technology:*:*:*:*:*:linux:*:*", "matchCriteriaId": "EAC4134A-7434-43C5-9694-5DD4639CE8FF", "versionEndExcluding": "1.0.40-00004", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Improper input validation in firmware for Intel(R) QAT before version QAT20.L.1.0.40-00004 may allow escalation of privilege and denial of service via adjacent access."}, {"lang": "es", "value": "La validaci\u00f3n de entrada incorrecta en el firmware para Intel(R) QAT anterior a la versi\u00f3n QAT20.L.1.0.40-00004 puede permitir la escalada de privilegios y la denegaci\u00f3n de servicio a trav\u00e9s del acceso adyacente."}], "id": "CVE-2023-32641", "lastModified": "2024-11-21T08:03:45.287", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 5.8, "source": "secure@intel.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-11-14T19:15:26.043", "references": [{"source": "secure@intel.com", "tags": ["Vendor Advisory"], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00945.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00945.html"}], "sourceIdentifier": "secure@intel.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "secure@intel.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}