Cyber Posture

CVE-2022-26083

High

Published: 14 February 2025

Modified: 02 September 2025
KEV Added
Patch
CVSS Score: 7.5 (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N)
EPSS Score: 0.0013 (31.4th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2022-26083 is a high-severity weak initialization vector (IV) generation vulnerability (CWE-1204) in Intel Integrated Performance Primitives Cryptography. Its CVSS base score is 7.5 (High).

Operationally, it ranks at the 31.4th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and RA-5 (Vulnerability Monitoring and Scanning).

Threat & Defense at a Glance

What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

prevent

Directly requires identification, reporting, and correction of the weak IV generation flaw in Intel IPP Cryptography library versions prior to 2021.5 via timely patching.

prevent

Mandates use of approved cryptographic standards and mechanisms that protect confidentiality and integrity, mitigating risks from weak IVs in cryptography libraries.

detect

Requires vulnerability scanning to identify presence of vulnerable Intel IPP Cryptography library versions, enabling proactive remediation.

NVD Description

Generation of weak initialization vector in an Intel(R) IPP Cryptography software library before version 2021.5 may allow an unauthenticated user to potentially enable information disclosure via local access.

Deeper analysis

CVE-2022-26083 affects the Intel(R) IPP Cryptography software library in versions prior to 2021.5, which can generate weak initialization vectors. The vulnerability is classified as CWE-1204, carries a CVSS v3.1 base score of 7.5 (AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N), and was published on 2025-02-14.

A local attacker with low privileges can exploit this high-complexity issue without user interaction. Although the description refers to an unauthenticated user with local access, the CVSS metrics indicate that low privileges are required. Successful exploitation may enable information disclosure with high confidentiality and integrity impacts and a changed scope, but no availability disruption.

Intel Security Advisory INTEL-SA-00667 provides details on the vulnerability and mitigation at https://intel.com/content/www/us/en/security-center/advisory/intel-sa-00667.html.

Details

CWE(s)

Affected Products

intel · integrated performance primitives cryptography · ≤ 2021.5

CVEs Like This One

CVE-2024-31858 (Same vendor: Intel)
CVE-2024-29223 (Same vendor: Intel)
CVE-2025-24299 (Same vendor: Intel)
CVE-2026-25998 (Shared CWE-1204)
CVE-2026-5087 (Shared CWE-1204)
CVE-2021-44228 (Same vendor: Intel)
