CVE-2022-26083

High

Published: 14 February 2025

Published

14 February 2025

Modified

02 September 2025

KEV Added

—

Patch

—

CVSS Score 7.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N

EPSS Score 0.0013 31.5th percentile

Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Description

Generation of weak initialization vector in an Intel(R) IPP Cryptography software library before version 2021.5 may allow an unauthenticated user to potentially enable information disclosure via local access.

Security Summary

CVE-2022-26083 affects the Intel(R) IPP Cryptography software library in versions prior to 2021.5, where the generation of weak initialization vectors occurs. This vulnerability, tied to CWE-1204, carries a CVSS v3.1 base score of 7.5 (AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N) and was published on 2025-02-14.

A local attacker with low privileges can exploit this high-complexity issue without user interaction. Although described as allowing an unauthenticated user via local access, the CVSS metrics indicate low-privilege requirements. Successful exploitation may enable information disclosure with high confidentiality and integrity impacts, along with a changed scope, but no availability disruption.

Intel Security Advisory INTEL-SA-00667 provides details on the vulnerability and mitigation at https://intel.com/content/www/us/en/security-center/advisory/intel-sa-00667.html.

Details

CWE(s): CWE-1204

Affected Products

intel

integrated performance primitives cryptography

≤ 2021.5

References

https://intel.com/content/www/us/en/security-center/advisory/intel-sa-00667.html
Vendor Advisory · secure@intel.com