Sign-up

ID

VAR-202302-1349


CVE

CVE-2022-36397


TITLE

Intel multiple  OS  for  Intel QuickAssist Technology  Vulnerability regarding improper default permissions in

Trust: 0.8

sources: JVNDB: JVNDB-2022-020110

DESCRIPTION

Incorrect default permissions in the software installer for some Intel(R) QAT drivers for Linux before version 4.17 may allow an authenticated user to potentially enable escalation of privilege via local access. Intel multiple OS for Intel QuickAssist Technology There is a vulnerability in improper default permissions.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.8

sources: NVD: CVE-2022-36397 // JVNDB: JVNDB-2022-020110 // VULHUB: VHN-432503 // VULMON: CVE-2022-36397

AFFECTED PRODUCTS

vendor:intelmodel:quickassist technologyscope:ltversion:4.17

Trust: 1.0

vendor:intelmodel:quickassist technologyscope:ltversion:1.6

Trust: 1.0

vendor:インテルmodel:intel quickassist technologyscope: - version: -

Trust: 0.8

vendor:インテルmodel:intel quickassist technologyscope:eqversion:4.17

Trust: 0.8

vendor:インテルmodel:intel quickassist technologyscope:eqversion:1.6

Trust: 0.8

vendor:インテルmodel:intel quickassist technologyscope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-020110 // NVD: CVE-2022-36397

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-36397
value: HIGH

Trust: 1.0

secure@intel.com: CVE-2022-36397
value: HIGH

Trust: 1.0

NVD: CVE-2022-36397
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202302-1468
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2022-36397
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

secure@intel.com: CVE-2022-36397
baseSeverity: HIGH
baseScore: 7.3
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.3
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2022-36397
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-020110 // CNNVD: CNNVD-202302-1468 // NVD: CVE-2022-36397 // NVD: CVE-2022-36397

PROBLEMTYPE DATA

problemtype:CWE-276

Trust: 1.1

problemtype:Inappropriate default permissions (CWE-276) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-432503 // JVNDB: JVNDB-2022-020110 // NVD: CVE-2022-36397

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202302-1468

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202302-1468

PATCH

title:Intel(R) QAT drivers Security vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=227787

Trust: 0.6

sources: CNNVD: CNNVD-202302-1468

EXTERNAL IDS

db:NVDid:CVE-2022-36397

Trust: 3.4

db:JVNid:JVNVU91223897

Trust: 0.8

db:JVNDBid:JVNDB-2022-020110

Trust: 0.8

db:CNNVDid:CNNVD-202302-1468

Trust: 0.6

db:VULHUBid:VHN-432503

Trust: 0.1

db:VULMONid:CVE-2022-36397

Trust: 0.1

sources: VULHUB: VHN-432503 // VULMON: CVE-2022-36397 // JVNDB: JVNDB-2022-020110 // CNNVD: CNNVD-202302-1468 // NVD: CVE-2022-36397

REFERENCES

url:http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00751.html

Trust: 2.6

url:https://jvn.jp/vu/jvnvu91223897/

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2022-36397

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-36397/

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-432503 // VULMON: CVE-2022-36397 // JVNDB: JVNDB-2022-020110 // CNNVD: CNNVD-202302-1468 // NVD: CVE-2022-36397

SOURCES

db:VULHUBid:VHN-432503
db:VULMONid:CVE-2022-36397
db:JVNDBid:JVNDB-2022-020110
db:CNNVDid:CNNVD-202302-1468
db:NVDid:CVE-2022-36397

LAST UPDATE DATE

2024-08-14T12:44:19.035000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-432503date:2023-03-06T00:00:00
db:VULMONid:CVE-2022-36397date:2023-02-17T00:00:00
db:JVNDBid:JVNDB-2022-020110date:2023-10-31T06:08:00
db:CNNVDid:CNNVD-202302-1468date:2023-03-07T00:00:00
db:NVDid:CVE-2022-36397date:2023-03-06T19:43:03.747

SOURCES RELEASE DATE

db:VULHUBid:VHN-432503date:2023-02-16T00:00:00
db:VULMONid:CVE-2022-36397date:2023-02-16T00:00:00
db:JVNDBid:JVNDB-2022-020110date:2023-10-31T00:00:00
db:CNNVDid:CNNVD-202302-1468date:2023-02-16T00:00:00
db:NVDid:CVE-2022-36397date:2023-02-16T21:15:13.417