CVE-2018-12155

Published: Dec 5, 2018Modified: Nov 21, 2024

5.5

Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

Data leakage in cryptographic libraries for Intel IPP before 2019 update1 release may allow an authenticated user to potentially enable information disclosure via local access.

Affected (2)

Products: Intel: Integrated Performance Primitives

Intel

1 product

Integrated Performance Primitives

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Intel Integrated Performance Primitives	Before 2019
Intel Integrated Performance Primitives	Version 2019

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (4)

http://support.lenovo.com/us/en/solutions/LEN-25662

Source: secure@intel.com

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00202.html

Source: secure@intel.com

Vendor Advisory

http://support.lenovo.com/us/en/solutions/LEN-25662

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00202.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.