The vulnerability is an out-of-bounds read in Intel Media SDK and oneVPL software. The provided commit 0eace259e95eebf6db652fedca82f7fe0a27536e from the oneapi-src/oneVPL repository, titled "Check pointers before dereference", modifies the Config3dlut function in tools/legacy/sample_vpp/src/sample_vpp_config.cpp.
The change adds null checks for pParams->lutTbl.data() and for data (a local assigned from pParams->lutTbl.data()) before either pointer is used. pParams->lutTbl.data() is the destination buffer for fread; if it were null when fread were called, the result would be a crash or undefined behavior, and potentially an out-of-bounds read if lutTblSize was non-zero. Later in the function, data is used to initialize the pParams->RGB arrays, and a null data pointer there would likewise cause a crash or undefined behavior.
The commit message, "Check pointers before dereference", describes a fix for null pointer dereferences. An out-of-bounds read can also occur when a pointer is non-null but refers to a buffer smaller than the amount read, for example when fread is asked for more bytes than the buffer holds. The added null checks mitigate a null pointer dereference, which is a common cause of crashes and can, if unhandled, lead to out-of-bounds reads or writes. The vulnerability description says "Out-of-bounds read"; the patch directly fixes a null dereference, but it does so inside a function that loads data with fread according to lutTblSize. If lutTblSize were erroneously large while pParams->lutTbl.data() pointed to a smaller, valid buffer, an out-of-bounds read would remain possible; the patch itself, however, only evidences a null pointer dereference being mitigated. Config3dlut is identified as the vulnerable function because it processes input data (a .3dlut file) and, before the patch, lacked the checks needed to avoid reading from an invalid memory location (a null pointer), which is a form of out-of-bounds read (reading from address zero).
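The following is an added example, not code from oneVPL or from the commit discussed above. It models the two uses of the table pointer the analysis describes (the fread destination and the later initialization of per-channel arrays) in a hardened form: the pointer is checked before each dereference, as the commit does, and the read is additionally bounded by the allocation size so that an oversized lutTblSize cannot drive fread past the end of the buffer. LutParams, LutStatus, LoadLutFromStream, SplitRgb and RunScenario are constructed names for this example and do not correspond to oneVPL's own types or functions.

```cpp
#include <cstdint>
#include <cstdio>
#include <vector>

// Constructed stand-in for the sample application's parameter block. It is not
// oneVPL's own type; it only has the fields needed to show the checks.
struct LutParams {
    std::vector<uint8_t> lutTbl;   // table storage; data() is null while empty
    size_t lutTblSize = 0;         // number of bytes the caller expects to load
    std::vector<uint8_t> R, G, B;  // per-channel arrays filled from lutTbl
};

enum class LutStatus { Ok, BadArgs, NullBuffer, BufferTooSmall, ShortRead };

// Hardened loader. Every guard runs before the first dereference:
//   1. the destination pointer must be non-null (the check the commit adds);
//   2. the allocation must hold at least lutTblSize bytes, so a wrong size
//      cannot drive fread past the end of the buffer;
//   3. fread must deliver exactly lutTblSize bytes, so a truncated file does
//      not leave part of the table uninitialised.
LutStatus LoadLutFromStream(LutParams* pParams, FILE* f) {
    if (!pParams || !f || pParams->lutTblSize == 0) return LutStatus::BadArgs;
    uint8_t* data = pParams->lutTbl.data();
    if (!data) return LutStatus::NullBuffer;
    if (pParams->lutTbl.size() < pParams->lutTblSize) return LutStatus::BufferTooSmall;
    size_t got = fread(data, 1, pParams->lutTblSize, f);
    return got == pParams->lutTblSize ? LutStatus::Ok : LutStatus::ShortRead;
}

// Second use of the same pointer: split the loaded table into R, G and B
// arrays. The pointer is validated again rather than assumed to be set.
LutStatus SplitRgb(LutParams* pParams) {
    if (!pParams) return LutStatus::BadArgs;
    const uint8_t* data = pParams->lutTbl.data();
    if (!data) return LutStatus::NullBuffer;
    size_t n = pParams->lutTblSize;
    if (n == 0 || n % 3 != 0 || pParams->lutTbl.size() < n) return LutStatus::BufferTooSmall;
    size_t entries = n / 3;
    pParams->R.resize(entries);
    pParams->G.resize(entries);
    pParams->B.resize(entries);
    for (size_t i = 0; i < entries; ++i) {
        pParams->R[i] = data[3 * i];
        pParams->G[i] = data[3 * i + 1];
        pParams->B[i] = data[3 * i + 2];
    }
    return LutStatus::Ok;
}

// Drive one scenario end to end with constructed file contents: allocate a
// buffer of bufferLen bytes (none at all when bufferLen is 0, so data() is
// null), claim lutTblSize bytes, and load from an in-memory temporary file.
LutStatus RunScenario(size_t bufferLen, size_t lutTblSize,
                      const std::vector<uint8_t>& fileBytes,
                      LutParams* out = nullptr) {
    LutParams local;
    LutParams* p = out ? out : &local;
    std::vector<uint8_t>(bufferLen, 0).swap(p->lutTbl);  // fresh allocation
    p->lutTblSize = lutTblSize;
    FILE* f = tmpfile();
    if (!f) return LutStatus::BadArgs;
    if (!fileBytes.empty()) fwrite(fileBytes.data(), 1, fileBytes.size(), f);
    rewind(f);
    LutStatus s = LoadLutFromStream(p, f);
    fclose(f);
    return s;
}

int main() {
    const std::vector<uint8_t> sample = {10, 20, 30, 40, 50, 60};  // constructed bytes
    printf("empty buffer     -> %d\n", (int)RunScenario(0, 6, sample));    // NullBuffer
    printf("buffer too small -> %d\n", (int)RunScenario(3, 6, sample));    // BufferTooSmall
    printf("truncated file   -> %d\n", (int)RunScenario(6, 6, {10, 20}));  // ShortRead
    LutParams p;
    printf("well formed      -> %d\n", (int)RunScenario(6, 6, sample, &p)); // Ok
    if (SplitRgb(&p) == LutStatus::Ok) printf("G[1] = %d\n", p.G[1]);       // 50
    return 0;
}
```

The size guard in LoadLutFromStream is the part the commit's null checks alone do not give: with only the pointer check, a caller that sets lutTblSize larger than the vector it allocated would still hand fread a destination that is too small.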