CVE-2024-31074

CVSS v4.0

8.2

High

Vector

AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions: Intel(R) QAT Engine for OpenSSL versions prior to v1.6.1

Description: The issue is related to an observable timing discrepancy in the Intel(R) QAT Engine for OpenSSL software, which may allow information disclosure via network access. This discrepancy can be exploited by manipulating an unknown input, leading to a timing discrepancy vulnerability. The exploitation of this issue can enable an attacker to disclose protected information.

Recommendations: For versions prior to v1.6.1, update to version v1.6.1 or later to resolve the issue. As a temporary workaround, consider restricting network access to the Intel(R) QAT Engine for OpenSSL software until a patch is applied.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-208

Related Identifiers

BDU:2024-10476

CVE-2024-31074

SUSE-SU-2025:3942-1

SUSE-SU-2025:3943-1

SUSE-SU-2025:4053-1

Affected Products

Intel Qat Engine For Openssl

Suse

CVE-2024-31074

Weakness Enumeration

Related Identifiers

Affected Products

References · 17