Details of VAR-202302-1205

ID

VAR-202302-1205

CVE

CVE-2022-34841

TITLE

Intel's media software development kit Buffer error vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-019527

DESCRIPTION

Improper buffer restrictions in the Intel(R) Media SDK software before version 22.2.2 may allow an authenticated user to potentially enable escalation of privilege via local access. Intel's media software development kit Exists in a buffer error vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.8

sources: NVD: CVE-2022-34841 // JVNDB: JVNDB-2022-019527 // VULHUB: VHN-431267 // VULMON: CVE-2022-34841

AFFECTED PRODUCTS

vendor:	intel	model:	media software development kit	scope:	lt	version:	22.2.2	Trust: 1.0
vendor:	インテル	model:	media software development kit	scope:	-	version:	-	Trust: 0.8
vendor:	インテル	model:	media software development kit	scope:	eq	version:	-	Trust: 0.8
vendor:	インテル	model:	media software development kit	scope:	eq	version:	22.2.2	Trust: 0.8

sources: JVNDB: JVNDB-2022-019527 // NVD: CVE-2022-34841

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-34841
value:	HIGH
Trust: 1.0
secure@intel.com:	CVE-2022-34841
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2022-34841
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202302-1324
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2022-34841
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
secure@intel.com:	CVE-2022-34841
baseSeverity:	MEDIUM
baseScore:	5.7
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	1.5
impactScore:	3.7
version:	3.1
Trust: 1.0
NVD:	CVE-2022-34841
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-019527 // CNNVD: CNNVD-202302-1324 // NVD: CVE-2022-34841 // NVD: CVE-2022-34841

PROBLEMTYPE DATA

problemtype:	CWE-119	Trust: 1.1
problemtype:	Buffer error (CWE-119) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-431267 // JVNDB: JVNDB-2022-019527 // NVD: CVE-2022-34841

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202302-1324

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202302-1324

PATCH

title:

Intel Media SDK Buffer error vulnerability fix

url:

http://123.124.177.30/web/xxk/bdxqById.tag?id=226772

Trust: 0.6

sources: CNNVD: CNNVD-202302-1324

EXTERNAL IDS

db:	NVD	id:	CVE-2022-34841	Trust: 3.4
db:	JVN	id:	JVNVU91223897	Trust: 0.8
db:	JVNDB	id:	JVNDB-2022-019527	Trust: 0.8
db:	AUSCERT	id:	ESB-2023.0905	Trust: 0.6
db:	CNNVD	id:	CNNVD-202302-1324	Trust: 0.6
db:	VULHUB	id:	VHN-431267	Trust: 0.1
db:	VULMON	id:	CVE-2022-34841	Trust: 0.1

sources: VULHUB: VHN-431267 // VULMON: CVE-2022-34841 // JVNDB: JVNDB-2022-019527 // CNNVD: CNNVD-202302-1324 // NVD: CVE-2022-34841

REFERENCES

url:	http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00731.html	Trust: 2.6
url:	https://jvn.jp/vu/jvnvu91223897/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2022-34841	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2023.0905	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2022-34841/	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-431267 // VULMON: CVE-2022-34841 // JVNDB: JVNDB-2022-019527 // CNNVD: CNNVD-202302-1324 // NVD: CVE-2022-34841

SOURCES

db:	VULHUB	id:	VHN-431267
db:	VULMON	id:	CVE-2022-34841
db:	JVNDB	id:	JVNDB-2022-019527
db:	CNNVD	id:	CNNVD-202302-1324
db:	NVD	id:	CVE-2022-34841

LAST UPDATE DATE

2024-08-14T12:19:57.516000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-431267	date:	2023-02-24T00:00:00
db:	VULMON	id:	CVE-2022-34841	date:	2023-02-17T00:00:00
db:	JVNDB	id:	JVNDB-2022-019527	date:	2023-10-26T02:19:00
db:	CNNVD	id:	CNNVD-202302-1324	date:	2023-02-27T00:00:00
db:	NVD	id:	CVE-2022-34841	date:	2023-02-24T20:57:57.900

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-431267	date:	2023-02-16T00:00:00
db:	VULMON	id:	CVE-2022-34841	date:	2023-02-16T00:00:00
db:	JVNDB	id:	JVNDB-2022-019527	date:	2023-10-26T00:00:00
db:	CNNVD	id:	CNNVD-202302-1324	date:	2023-02-16T00:00:00
db:	NVD	id:	CVE-2022-34841	date:	2023-02-16T21:15:12.757