CVE-2022-26083

7.5 HIGH

📋 TL;DR

This vulnerability in Intel IPP Cryptography software allows local attackers to potentially access sensitive information due to weak initialization vectors in cryptographic operations. It affects systems using Intel IPP Cryptography library versions before 2021.5, primarily impacting applications that rely on this library for cryptographic functions.

💻 Affected Systems

Products:
  • Intel Integrated Performance Primitives Cryptography software library
Versions: All versions before 2021.5
Operating Systems: All operating systems using affected Intel IPP Cryptography library
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in the cryptographic library itself, affecting any application that uses it for cryptographic operations.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Local attacker could decrypt sensitive data protected by weak cryptographic operations, potentially exposing credentials, encryption keys, or other confidential information.

🟠 Likely Case

Information disclosure of data encrypted using affected library functions, potentially compromising application security and data confidentiality.

🟢 If Mitigated

Limited impact if proper access controls restrict local user privileges and sensitive data is protected by additional security layers.

🌐 Internet-Facing: LOW - Requires local access, not directly exploitable over network.
🏢 Internal Only: MEDIUM - Local attackers with access to affected systems could exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access and understanding of cryptographic weaknesses. No public exploits known at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Intel IPP Cryptography library version 2021.5 or later

Vendor Advisory: https://intel.com/content/www/us/en/security-center/advisory/intel-sa-00667.html

Restart Required: No

Instructions:

1. Download Intel IPP Cryptography library version 2021.5 or later from Intel's official distribution channels.
2. Replace the vulnerable library files with updated versions.
3. Recompile or restart applications using the library if necessary.

🔧 Temporary Workarounds

Disable affected cryptographic functions

all

Identify and disable usage of vulnerable cryptographic functions in applications

Implement additional encryption layers

all

Add additional encryption/security layers to protect sensitive data

🧯 If You Can't Patch

  • Restrict local access to affected systems using strict access controls
  • Monitor for unusual cryptographic operations or data access patterns

🔍 How to Verify

Check if Vulnerable:

Check Intel IPP Cryptography library version using system package manager or by examining library files. Vulnerable if version < 2021.5.

Check Version:

Check with system package manager (e.g., 'rpm -qa | grep ipp-crypto' on RHEL, 'dpkg -l | grep ipp-crypto' on Debian/Ubuntu) or examine library files directly.

Verify Fix Applied:

Verify library version is 2021.5 or later and check that applications are using the updated library.
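
The version check above, as an added example (not part of the advisory or of Intel's tooling): it classifies a version string taken from the package manager output against the fixed release 2021.5, comparing fields numerically so that 2021.10 is not mistaken for older than 2021.5. The function names are hypothetical, and the epoch and release-suffix stripping assumes the usual dpkg/rpm version layout.

```shell
#!/bin/sh
# Added example: classify an Intel IPP Cryptography version string against
# the fixed release named on this page (2021.5).
# Function names are hypothetical; the sample versions are constructed.

FIXED_VERSION="2021.5"

# Strip an epoch ("1:") and a distro release suffix ("-1ubuntu1", "+build")
# so only the dotted upstream version remains (assumed dpkg/rpm layout).
normalize_version() {
    printf '%s\n' "$1" | sed -e 's/^[0-9]*://' -e 's/[-+~].*$//'
}

# Return 0 (vulnerable) when version < FIXED_VERSION, 1 when fixed,
# 2 when the string is not a dotted numeric version.
ipp_crypto_is_vulnerable() {
    v=$(normalize_version "$1")
    case "$v" in
        ''|*[!0-9.]*|.*|*.|*..*) return 2 ;;
    esac
    # Compare field by field as integers: 2021.10 is newer than 2021.5,
    # which a plain string comparison gets wrong.
    awk -v a="$v" -v b="$FIXED_VERSION" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            xi = (i <= na) ? x[i] + 0 : 0
            yi = (i <= nb) ? y[i] + 0 : 0
            if (xi < yi) exit 0
            if (xi > yi) exit 1
        }
        exit 1
    }'
}

classify() {
    rc=0; ipp_crypto_is_vulnerable "$1" || rc=$?
    case $rc in
        0) echo "vulnerable" ;;
        1) echo "fixed" ;;
        *) echo "unknown" ;;
    esac
}

# Constructed sample versions
for v in 2021.4 2021.5 2021.10 2020.0.3-1 "1:2021.6-2" garbage; do
    printf '%-12s %s\n' "$v" "$(classify "$v")"
done
```

A distribution package can carry a backported fix under an older upstream version number, so a "vulnerable" result is a prompt to check the package changelog rather than a final verdict.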

📡 Detection & Monitoring

Log Indicators:

  • Unusual cryptographic operations
  • Multiple failed cryptographic operations
  • Library loading errors

Network Indicators:

  • Not applicable - local vulnerability

SIEM Query:

Search for processes loading Intel IPP Cryptography library and monitor for cryptographic operation failures or unusual patterns.
