Intel® QuickAssist Technology for Linux Advisory
|Impact of vulnerability:||Information Disclosure|
A potential security vulnerability in Intel® QuickAssist Technology for Linux may allow information disclosure. Intel is releasing software updates to mitigate this potential vulnerability.
Insufficient access control in driver stack for Intel® QuickAssist Technology for Linux before version 4.2 may allow an unprivileged user to potentially disclose information via local access.
CVSS Base Score: 7.8 High
CVSS Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Intel® QuickAssist Technology for Linux before 4.2
Intel recommends that users of Intel® QuickAssist Technology for Linux update to 4.2.0-00022 or later.
Updates are available for download at this location: https://01.org/intel-quick-assist-technology/downloads/intel%C2%AE-quickassist-technology-driver-linux-hw-version-1.7-l.4.2.0-00022
Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are deployed.
This issue was found internally by Intel employees. Intel we would like to thank Ryan Hall from the DCG Red Team.