Source: intel-mediasdk
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerabilities were published for intel-mediasdk.

CVE-2023-22656[0]:
| Out-of-bounds read in Intel(R) Media SDK and some Intel(R) oneVPL
| software before version 23.3.5 may allow an authenticated user to
| potentially enable escalation of privilege via local access.

CVE-2023-45221[1]:
| Improper buffer restrictions in Intel(R) Media SDK all versions may
| allow an authenticated user to potentially enable escalation of
| privilege via local access.

CVE-2023-47169[2]:
| Improper buffer restrictions in Intel(R) Media SDK software all
| versions may allow an authenticated user to potentially enable
| denial of service via local access.

CVE-2023-47282[3]:
| Out-of-bounds write in Intel(R) Media SDK all versions and some
| Intel(R) oneVPL software before version 23.3.5 may allow an
| authenticated user to potentially enable escalation of privilege via
| local access.

CVE-2023-48368[4]:
| Improper input validation in Intel(R) Media SDK software all
| versions may allow an authenticated user to potentially enable
| denial of service via local access.

CVE-2023-48727[5]:
| NULL pointer dereference in some Intel(R) oneVPL software before
| version 23.3.5 may allow an authenticated user to potentially enable
| information disclosure via local access.

Sadly there's no specific information, just the very high level advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00935.html

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-22656
    https://www.cve.org/CVERecord?id=CVE-2023-22656
[1] https://security-tracker.debian.org/tracker/CVE-2023-45221
    https://www.cve.org/CVERecord?id=CVE-2023-45221
[2] https://security-tracker.debian.org/tracker/CVE-2023-47169
    https://www.cve.org/CVERecord?id=CVE-2023-47169
[3] https://security-tracker.debian.org/tracker/CVE-2023-47282
    https://www.cve.org/CVERecord?id=CVE-2023-47282
[4] https://security-tracker.debian.org/tracker/CVE-2023-48368
    https://www.cve.org/CVERecord?id=CVE-2023-48368
[5] https://security-tracker.debian.org/tracker/CVE-2023-48727
    https://www.cve.org/CVERecord?id=CVE-2023-48727

Please adjust the affected versions in the BTS as needed.