PT-2024-8785 · Intel+1 · Intel Qat Engine For Openssl+1

Alicja Kario

Published

2024-11-12

Updated

2025-11-11

CVE-2024-28885

CVSS v4.0

8.2

High

Vector

AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions: Intel QAT Engine for OpenSSL versions prior to v1.6.1

Description: The issue is related to an observable discrepancy in the Intel QAT Engine for OpenSSL software, which may allow information disclosure via network access. This could potentially enable an attacker to reveal protected information.

Recommendations: For versions prior to v1.6.1, update to version v1.6.1 or later to resolve the issue. As a temporary workaround, consider restricting network access to the Intel QAT Engine for OpenSSL software until the update is applied.

Fix

Side Channel Attack

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-203

Related Identifiers

BDU:2024-10411

CVE-2024-28885

SUSE-SU-2025:3942-1

SUSE-SU-2025:3943-1

SUSE-SU-2025:4053-1

SUSE-SU-2025_3942-1

SUSE-SU-2025_3943-1

SUSE-SU-2025_4053-1

Affected Products

Intel Qat Engine For Openssl

Suse

PT-2024-8785 · Intel+1 · Intel Qat Engine For Openssl+1

CVE-2024-28885

Weakness Enumeration

Related Identifiers

Affected Products

References · 16