Request a Demo
Rewterz
Rewterz Threat Advisory – Multiple Intel Data Center Manager Vulnerabilities
May 11, 2023
Rewterz
Rewterz Threat Alert – APT-C-35 aka Donot Team – Active IOCs
May 11, 2023

Rewterz Threat Advisory – Multiple Intel QAT Engine and Driver Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2022-41699 CVSS:8.2

Intel QAT Driver for Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by incorrect permission assignment for a critical resource. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges.

CVE-2022-43507 CVSS:7.5

Intel QAT Engine for OpenSSL could allow a remote attacker to gain elevated privileges on the system, caused by improper buffer restrictions. By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.

CVE-2022-21239 CVSS:5.6

Intel QAT Driver for Windows could allow a local authenticated attacker to obtain sensitive information, caused by an out-of-bounds read flaw. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.

CVE-2022-41808 CVSS:3.3

Intel QAT Driver for Linux is vulnerable to a denial of service, caused by improper buffer restriction. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.

CVE-2022-41699 CVSS:8.2

Intel QAT Driver for Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by incorrect permission assignment for a critical resource. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges.

Impact

  • Privilege Escalation
  • Information Disclosure
  • Denial of Service

Indicators Of Compromise

CVE

  • CVE-2022-41699
  • CVE-2022-43507
  • CVE-2022-21239
  • CVE-2022-41808

Affected Vendors

Intel

Affected Products

  • Intel QAT Driver for Windows 1.9.0
  • Intel QAT Engine for OpenSSL
  • Intel QAT Driver for Linux 1.7.1
  • Intel Event Series Android application

Remediation

Refer to INTEL Security Advisory for patch, upgrade or suggested workaround information. 

CVE-2022-41699

CVE-2022-43507

CVE-2022-21239

CVE-2022-41808

CVE-2022-41699