Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-22355

Uncontrolled search path in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.0.251 may allow an authenticated user to potentially enable escalation of privilege via local access.

Published

2023-05-10T14:15:27.240

Last Modified

2024-11-21T07:44:37.140

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.7 (MEDIUM)

Weaknesses

Type: Secondary
CWE-427
Type: Primary
CWE-427

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	intel	advisor	< 2023.0	Yes
Application	intel	cpu_runtime	< 2023.0	Yes
Application	intel	distribution_for_python	< 2023.0	Yes
Application	intel	dpc\+\+_compatibility_tool	< 2023.0	Yes
Application	intel	embree_ray_tracing_kernel_library	< 2023.0	Yes
Application	intel	fortran_compiler	< 2023.0	Yes
Application	intel	implicit_spmd_program_compiler	< 1.18.1	Yes
Application	intel	inspector	< 2023.0	Yes
Application	intel	integrated_performance_primitives	< 2021.7	Yes
Application	intel	integrated_performance_primitives_cryptography	< 2021.6.3	Yes
Application	intel	mpi_library	< 2021.8	Yes
Application	intel	oneapi_base_toolkit	< 2023.0	Yes
Application	intel	oneapi_data_analytics_library	< 2023.0	Yes
Application	intel	oneapi_deep_neural_network_library	< 2023.0	Yes
Application	intel	oneapi_dpc\+\+\/c\+\+_compiler	< 2023.0	Yes
Application	intel	oneapi_dpc\+\+_library	< 2022.0	Yes
Application	intel	oneapi_hpc_toolkit	< 2023.0.0	Yes
Application	intel	oneapi_hpc_toolkit	2023.0.0	Yes
Application	intel	oneapi_iot_toolkit	< 2023.0	Yes
Application	intel	oneapi_math_kernel_library	< 2023.0	Yes
Application	intel	oneapi_rendering_toolkit	< 2023.0	Yes
Application	intel	oneapi_threading_building_blocks	< 2021.8	Yes
Application	intel	oneapi_toolkit_and_component_software_installers	< 4.3.0.251	Yes
Application	intel	oneapi_video_processing_library	< 2023.0	Yes
Application	intel	open_image_denoise	< 1.4.3	Yes
Application	intel	open_volume_kernel_library	< 2023.0	Yes
Application	intel	ospray	< 2023.0	Yes
Application	intel	ospray_studio	< 2023.0	Yes
Application	intel	trace_analyzer_and_collector	< 2021.8.0	Yes
Application	intel	vtune_profiler	< 2023.0	Yes

References

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00819.html Vendor Advisory ([email protected])
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00819.html Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)