CVE-2022-41984 - Vulnerability Details - OpenCVE

Protection mechanism failure for some Intel(R) Arc(TM) graphics cards A770 and A750 Limited Edition sold between October of 2022 and December of 2022 may allow a privileged user to potentially enable denial of service via local access.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00028.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Intel Subscribe	Arc A750 Subscribe Arc A750 Firmware Subscribe Arc A770 Subscribe Arc A770 Firmware Subscribe

Configuration 1 [-]

AND

cpe:2.3:o:intel:arc_a750_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:arc_a750:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:intel:arc_a770_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:arc_a770:-:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2022-45088	Protection mechanism failure for some Intel(R) Arc(TM) graphics cards A770 and A750 Limited Edition sold between October of 2022 and December of 2022 may allow a privileged user to potentially enable denial of service via local access.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00812.html

History

Wed, 02 Oct 2024 14:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: intel

Published: 2023-08-11T02:36:58.992Z

Updated: 2024-10-02T14:02:17.944Z

Reserved: 2022-10-12T03:00:03.781Z

Link: CVE-2022-41984

Vulnrichment

Updated: 2024-08-03T12:56:39.199Z

NVD

Status : Modified

Published: 2023-08-11T03:15:15.307

Modified: 2024-11-21T07:24:12.877

Link: CVE-2022-41984

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-41984", "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "state": "PUBLISHED", "assignerShortName": "intel", "dateReserved": "2022-10-12T03:00:03.781Z", "datePublished": "2023-08-11T02:36:58.992Z", "dateUpdated": "2024-10-02T14:02:17.944Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel", "dateUpdated": "2023-09-06T13:46:17.828Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "description": "denial of service"}, {"lang": "en", "description": "Protection mechanism failure", "cweId": "CWE-693", "type": "CWE"}]}], "affected": [{"vendor": "n/a", "product": "Intel(R) Arc(TM) graphics cards A770 and A750 Limited Edition", "versions": [{"version": "sold between October of 2022 and December of 2022", "status": "affected"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Protection mechanism failure for some Intel(R) Arc(TM) graphics cards A770 and A750 Limited Edition sold between October of 2022 and December of 2022 may allow a privileged user to potentially enable denial of service via local access."}], "references": [{"name": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00812.html", "url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00812.html"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseScore": 4.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T12:56:39.199Z"}, "title": "CVE Program Container", "references": [{"name": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00812.html", "url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00812.html", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-02T13:57:51.230687Z", "id": "CVE-2022-41984", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-02T14:02:17.944Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00812.html", "name": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00812.html", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T12:56:39.199Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-41984", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-02T13:57:51.230687Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-02T14:02:12.808Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "n/a", "product": "Intel(R) Arc(TM) graphics cards A770 and A750 Limited Edition", "versions": [{"status": "affected", "version": "sold between October of 2022 and December of 2022"}], "defaultStatus": "unaffected"}], "references": [{"url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00812.html", "name": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00812.html"}], "descriptions": [{"lang": "en", "value": "Protection mechanism failure for some Intel(R) Arc(TM) graphics cards A770 and A750 Limited Edition sold between October of 2022 and December of 2022 may allow a privileged user to potentially enable denial of service via local access."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "denial of service"}, {"lang": "en", "type": "CWE", "cweId": "CWE-693", "description": "Protection mechanism failure"}]}], "providerMetadata": {"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel", "dateUpdated": "2023-09-06T13:46:17.828Z"}}}, "cveMetadata": {"cveId": "CVE-2022-41984", "state": "PUBLISHED", "dateUpdated": "2024-10-02T14:02:17.944Z", "dateReserved": "2022-10-12T03:00:03.781Z", "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "datePublished": "2023-08-11T02:36:58.992Z", "assignerShortName": "intel"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:intel:arc_a750_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "720400DE-6327-473C-B50B-AB9477912723", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:intel:arc_a750:-:*:*:*:*:*:*:*", "matchCriteriaId": "E92E63D9-B5E9-49F7-B96F-9C4BE6B8F41C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:intel:arc_a770_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "605707F5-7F3E-4336-A8FA-BCB61AE6E751", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:intel:arc_a770:-:*:*:*:*:*:*:*", "matchCriteriaId": "BE38F333-3BA1-4C84-A311-5DFC90A0BEAA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Protection mechanism failure for some Intel(R) Arc(TM) graphics cards A770 and A750 Limited Edition sold between October of 2022 and December of 2022 may allow a privileged user to potentially enable denial of service via local access."}, {"lang": "es", "value": "El fallo del mecanismo de protecci\u00f3n de algunas tarjetas gr\u00e1ficas Intel(R) Arc(TM) A770 y A750 Limited Edition vendidas entre octubre de 2022 y diciembre de 2022 puede permitir a un usuario con privilegios habilitar potencialmente la denegaci\u00f3n de servicio mediante acceso local."}], "id": "CVE-2022-41984", "lastModified": "2024-11-21T07:24:12.877", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 3.6, "source": "secure@intel.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-08-11T03:15:15.307", "references": [{"source": "secure@intel.com", "tags": ["Vendor Advisory"], "url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00812.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00812.html"}], "sourceIdentifier": "secure@intel.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-693"}], "source": "secure@intel.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}