CVE-2022-36369

7.8 HIGH

📋 TL;DR

This vulnerability in Intel QATzip software allows authenticated users with local access to potentially escalate privileges due to improper access control. It affects systems running QATzip versions before 1.0.9. The issue could enable attackers to gain higher privileges than intended on affected systems.

💻 Affected Systems

Products:
  • Intel QATzip software
Versions: All versions before 1.0.9
Operating Systems: Linux (primary), potentially other OS where QATzip is deployed
Default Config Vulnerable: ⚠️ Yes
Notes: Requires QATzip to be installed and accessible to authenticated users. Systems using Intel QuickAssist Technology acceleration may be affected.

⚠️ Risk & Real-World Impact

🔴 Worst Case

An authenticated attacker could gain root/administrator privileges on the system, potentially leading to complete system compromise, data theft, or installation of persistent malware.

🟠 Likely Case

Authenticated users could elevate their privileges to perform unauthorized actions, access restricted data, or modify system configurations beyond their intended permissions.

🟢 If Mitigated

With proper access controls and least privilege principles, the impact is limited to authorized users who might gain slightly elevated privileges within their operational scope.

🌐 Internet-Facing: LOW - Requires local access and authentication, making remote exploitation unlikely unless combined with other vulnerabilities.
🏢 Internal Only: MEDIUM - Internal authenticated users could exploit this to escalate privileges, posing insider threat risks.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires authenticated local access and knowledge of the vulnerability. No public exploit code has been disclosed as of the advisory.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.0.9

Vendor Advisory: http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00765.html

Restart Required: Yes

Instructions:

1. Download QATzip version 1.0.9 or later from Intel's official sources.
2. Stop any services using QATzip.
3. Install the updated version following Intel's installation guide.
4. Restart affected services or the system.

🔧 Temporary Workarounds

Restrict QATzip access

linux

Limit access to QATzip components to only necessary users and applications

chmod 750 /path/to/qatzip/directory
chown root:trustedgroup /path/to/qatzip/directory

Implement strict user privilege separation

all

Ensure users have minimal necessary privileges and cannot access QATzip functionality beyond their role

🧯 If You Can't Patch

  • Implement strict access controls to limit which users can interact with QATzip components
  • Monitor for privilege escalation attempts and unusual user activity on systems with QATzip installed

🔍 How to Verify

Check if Vulnerable:

Check QATzip version: qzip --version or examine installed package version

Check Version:

qzip --version 2>/dev/null || dpkg -l | grep qatzip || rpm -qa | grep qatzip

Verify Fix Applied:

Verify installed version is 1.0.9 or later and test that authenticated users cannot perform unauthorized privileged operations
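
The version check described above, as an added example (not code from Intel or from the original page): a POSIX shell helper that pulls the version number out of the check command's output and compares it with the fixed release 1.0.9. The function names and the sample lines are constructed for illustration.

```sh
#!/bin/sh
# Added example: classify a reported QATzip version against the fixed release.
FIXED_VERSION="1.0.9"   # patch version stated on this page

# Print the first dotted numeric version (e.g. 1.0.6) found in free-form text,
# such as tool output or a dpkg/rpm package line. Prints nothing if none is found.
extract_version() {
    printf '%s\n' "$1" | grep -Eo '[0-9]+(\.[0-9]+)+' | head -n 1
}

# Return 0 when version $1 is strictly lower than version $2.
# Fields are compared numerically, so 1.0.10 is newer than 1.0.9.
version_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 1   # equal versions are not "lower"
}

# Print VULNERABLE, FIXED or UNKNOWN for one line of version output.
classify() {
    v=$(extract_version "$1" || true)
    if [ -z "$v" ]; then echo "UNKNOWN"
    elif version_lt "$v" "$FIXED_VERSION"; then echo "VULNERABLE ($v)"
    else echo "FIXED ($v)"
    fi
}

# Constructed sample lines (not captured from a real host).
for line in \
    "qatzip-1.0.6-3.el8.x86_64" \
    "ii  qatzip  1.0.9-1  amd64" \
    "no version string in this output"
do
    printf '%-40s -> %s\n' "$line" "$(classify "$line")"
done
```

On a real host, pass the output of the Check Version command above to `classify`; an UNKNOWN result means the version has to be confirmed by hand.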

📡 Detection & Monitoring

Log Indicators:

  • Unusual privilege escalation attempts
  • Failed access control events in system logs
  • Unexpected QATzip process execution by non-privileged users

Network Indicators:

  • Local privilege escalation typically doesn't generate network traffic unless combined with other attacks

SIEM Query:

source="system_logs" AND (event_type="privilege_escalation" OR process_name="qzip" OR process_name="qatzip") AND user!="root"
