Intel ID: INTEL-SA-00202
Advisory Category: Software
Impact of vulnerability: Information Disclosure
Severity rating: MEDIUM
Original release: 12/05/2018
Last revised: 12/05/2018

Summary:

A potential security vulnerability in Intel® IPP may allow information disclosure. Intel is releasing software updates to mitigate this potential vulnerability.

Vulnerability Details:

CVEID: CVE-2018-12155

Description: Data leakage in cryptographic libraries for Intel(R) IPP before 2019 update1 release may allow an authenticated user to potentially enable information disclosure via local access.

CVSS Base Score: 4.7 Medium

CVSS Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected Products:

Intel® IPP releases before 2019 update1.

Recommendations:

Intel recommends that users of Intel® IPP update to 2019 update1 or later.

Updates are available for download at this location: https://software.intel.com/en-us/intel-ipp

Acknowledgements:

Intel would like to thank an Wichelmann (Universität zu Lübeck), Ahmad Moghimi (Worcester Polytechnic Institute), Thomas Eisenbarth (Universität zu Lübeck) and Berk Sunar (Worcester Polytechnic Institute) for reporting this issue and working with us on coordinated disclosure.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are deployed.

Revision History

Revision Date Description
1.0 12/05/2918 Initial Release

Source: INTEL-SA-simple-template