Sorry, you need to enable JavaScript to visit this website.

Feedback

Your feedback is important to keep improving our website and offer you a more reliable experience.

Intel® QuickAssist Technology for Linux Advisory

Intel ID: INTEL-OSS-10005
Advisory Category: Software
Impact of vulnerability: Information Disclosure
Severity rating: High
Original release: 10/09/2018
Last revised: 10/09/2018
CVE: CVE-2018-12193

Summary

A potential security vulnerability in Intel® QuickAssist Technology for Linux may allow information disclosure. Intel is releasing software updates to mitigate this potential vulnerability.

Description

Insufficient access control in driver stack for Intel® QuickAssist Technology for Linux before version 4.2 may allow an unprivileged user to potentially disclose information via local access.

CVSS Base Score: 7.8 High

CVSS Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Affected Products

Intel® QuickAssist Technology for Linux before 4.2

Recommendations

Intel recommends that users of Intel® QuickAssist Technology for Linux update to 4.2.0-00022 or later.

Updates are available for download at this location: https://01.org/intel-quick-assist-technology/downloads/intel%C2%AE-quickassist-technology-driver-linux-hw-version-1.7-l.4.2.0-00022

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are deployed.

Acknowledgements

This issue was found internally by Intel employees. Intel we would like to thank Ryan Hall from the DCG Red Team.

Revision history

Revision Date Description
1.0 10/09/2018 Initial Release