{"id":"CVE-2023-22840","details":"Improper neutralization in software for the Intel(R) oneVPL GPU software before version 22.6.5 may allow an authenticated user to potentially enable denial of service via local access.","modified":"2026-04-12T01:01:15.496641Z","published":"2023-08-11T03:15:17.750Z","references":[{"type":"ADVISORY","url":"http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00818.html"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J7RNFPWOSFII2JE2KDRHPLJANZC3YATW/"},{"type":"REPORT","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L27GRS7E45IOCZ44VQX2NJ33GVRBWHBS/"},{"type":"REPORT","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TULYSWHC3X76AIGGMUSLBTWOXNND6IEV/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/oneapi-src/onevpl-intel-gpu","events":[{"introduced":"0"},{"fixed":"e74a3ce334b52577081e14a1656f74ccb3f1ef69"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"22.6.5"}]}}],"versions":["intel-onevpl-21.3.0","intel-onevpl-21.3.1","intel-onevpl-21.3.2","intel-onevpl-21.3.3","intel-onevpl-21.3.4","intel-onevpl-21.4.0","intel-onevpl-21.4.1","intel-onevpl-21.4.2","intel-onevpl-21.4.3","intel-onevpl-22.1.0","intel-onevpl-22.2.0","intel-onevpl-22.2.1","intel-onevpl-22.3.0","intel-onevpl-22.4.0","intel-onevpl-22.4.1","intel-onevpl-22.4.2","intel-onevpl-22.4.3","intel-onevpl-22.4.4","intel-onevpl-22.5.0","intel-onevpl-22.5.1","intel-onevpl-22.5.2","intel-onevpl-22.5.3","intel-onevpl-22.6.0","intel-onevpl-22.6.1","intel-onevpl-22.6.2","intel-onevpl-22.6.3","intel-onevpl-22.6.4"],"database_specific":{"vanir_signatures_modified":"2026-04-12T01:01:15Z","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"37"}]},{"events":[{"introduced":"0"},{"last_affected":"38"}]},{"events":[{"introduced":"0"},{"last_affected":"39"}]}],"vanir_signatures":[{"digest":{"length":3429,"function_hash":"58968368041516948208123275748297229214"},"signature_type":"Function","id":"CVE-2023-22840-25ace10a","target":{"file":"_studio/shared/src/mfx_umc_alloc_wrapper.cpp","function":"mfx_UMC_FrameAllocator::SetCurrentMFXSurface"},"source":"https://github.com/oneapi-src/onevpl-intel-gpu/commit/e74a3ce334b52577081e14a1656f74ccb3f1ef69","deprecated":false,"signature_version":"v1"},{"digest":{"line_hashes":["127815607185161824860268287546718453980","320115815778025591393491370225689512979","315784990419394202010625698347752066775","226153859941423935464128588724854864132","63882282617262175192406149549634155181"],"threshold":0.9},"signature_type":"Line","id":"CVE-2023-22840-722bea7a","target":{"file":"_studio/shared/include/libmfx_allocator.h"},"source":"https://github.com/oneapi-src/onevpl-intel-gpu/commit/e74a3ce334b52577081e14a1656f74ccb3f1ef69","deprecated":false,"signature_version":"v1"},{"digest":{"length":169,"function_hash":"166194482671779221226986818525971932913"},"signature_type":"Function","id":"CVE-2023-22840-960306a4","target":{"file":"_studio/shared/src/mfx_umc_alloc_wrapper.cpp","function":"mfx_UMC_FrameAllocator::SetExternalFramesResponse"},"source":"https://github.com/oneapi-src/onevpl-intel-gpu/commit/e74a3ce334b52577081e14a1656f74ccb3f1ef69","deprecated":false,"signature_version":"v1"},{"digest":{"line_hashes":["312039055150589112433810206245891106824","320238461323602488822557772577769763670","281548539844001982204582923362471732893","299102011061710755517849413895160034721","272378930111953665384239869673881446970","80390843166064787806488337265028646338","4793327656027705016188399618560158622","101893365487331466771595779946331630272","61737317376152588170580725589360271480","323400590524608318649401392112789176879","261420573773080343049606690066634241054","38035435321234733549026979257608523660","4966413660044547460187952293327576036","146288751282928618348218941670333010870","150424730437380912621711475676886632662","75407180318704451699303769443305508093","332010472085322347507087666856049141212","80390843166064787806488337265028646338","308927958202073851913638076810067896685","51469739986747637697535844126917473040","18467009235161361035017670003927240090","25333513848265915865036510419078575285","237226826838613570956912097638078780427","105605137058827540951530958664419267910","303823492711345530028796990053148974681","251592243562671956060082369307712597300","23394590075771910777315139314438061302","255389278390388517230700109489640307201","267078642952274299384019515691713970288","148861462883186538828775868964476682967","313749585045524531825877682474861955682","127066892490578360446488640645209527264"],"threshold":0.9},"signature_type":"Line","id":"CVE-2023-22840-e760bae3","target":{"file":"_studio/shared/src/mfx_umc_alloc_wrapper.cpp"},"source":"https://github.com/oneapi-src/onevpl-intel-gpu/commit/e74a3ce334b52577081e14a1656f74ccb3f1ef69","deprecated":false,"signature_version":"v1"},{"digest":{"length":4732,"function_hash":"25905277892014686129021884217089663925"},"signature_type":"Function","id":"CVE-2023-22840-ead899c8","target":{"file":"_studio/shared/src/mfx_umc_alloc_wrapper.cpp","function":"SurfaceSource::SurfaceSource"},"source":"https://github.com/oneapi-src/onevpl-intel-gpu/commit/e74a3ce334b52577081e14a1656f74ccb3f1ef69","deprecated":false,"signature_version":"v1"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-22840.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}