CVE-2023-24478
Description
Insufficient randomness in Intel Agilex software in Quartus Prime Pro for Linux before 22.4 allows authenticated users to disclose information locally.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Insufficient randomness in Intel Agilex software in Quartus Prime Pro for Linux before 22.4 allows authenticated users to disclose information locally.
Vulnerability
The vulnerability exists in Intel Agilex software included with Intel(R) Quartus(R) Prime Pro Edition for Linux versions before 22.4. It involves the use of insufficiently random values, leading to predictable cryptographic or security-sensitive outputs. Affected versions are all prior to 22.4 on Linux. [1]
Exploitation
An attacker must have authenticated access to the local system running the affected software. No special privileges beyond authentication are required, but local access is necessary. The attacker can exploit the insufficient randomness to predict values, potentially leading to information disclosure.
Impact
Successful exploitation allows an authenticated local attacker to achieve information disclosure, compromising confidentiality of sensitive data processed by the Agilex software.
Mitigation
Intel released version 22.4 of Quartus Prime Pro Edition for Linux which addresses this issue. Users should update to this version or later. No workarounds are documented in the available advisory. [1]
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Intel/Agilex softwaredescription
- Range: <22.4
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.