Analysis Summary

CVE-2023-39929 CVSS:6.7

Intel Libva library could allow a local authenticated attacker to gain elevated privileges on the system, caused by an uncontrolled search path. An authenticated attacker could exploit this vulnerability to gain elevated privileges.

CVE-2023-39433 CVSS:4.4

Intel CST Software could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper access control. An authenticated attacker could exploit this vulnerability to gain elevated privileges.

CVE-2024-22384 CVSS:2.8

Intel Trace Analyzer and Collector Software could allow a local authenticated attacker to obtain sensitive information, caused by an out-of-bounds read flaw. An attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks.

Impact

• Privilege Escalation
• Information Disclosure

Indicators of Compromise

CVE

• CVE-2023-39929
• CVE-2023-39433
• CVE-2024-22384

Affected Vendors

Affected Products

• Intel Trace Analyzer and Collector software
• Intel CST Software 2.1
• Intel Libva library 2.19.0
• Intel Libva iotg-lin-gfx-libva library

Remediation

Refer to Intel Security Advisory for patch, upgrade or suggested workaround information.

CVE-2023-39929

CVE-2023-39433

CVE-2024-22384