Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-27391

Improper access control in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.1.493 may allow a privileged user to potentially enable escalation of privilege via local access.

Published

2023-08-11T03:15:21.893

Last Modified

2024-11-21T07:52:48.887

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.7 (MEDIUM)

Weaknesses

Type: Secondary
CWE-284
Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	intel	advisor_for_oneapi	< 2023.1	Yes
Application	intel	cpu_runtime_for_opencl_applications	< 2023.1	Yes
Application	intel	distribution_for_python_programming_language	< 2023.1	Yes
Application	intel	dpc\+\+_compatibility_tool	< 2023.1	Yes
Application	intel	embree_ray_tracing_kernel_library	< 2023.1	Yes
Application	intel	fortran_compiler	< 2023.1	Yes
Application	intel	implicit_spmd_program_compiler	< 1.19.1	Yes
Application	intel	inspector_for_oneapi	< 2023.1	Yes
Application	intel	integrated_performance_primitives	< 2021.8	Yes
Application	intel	ipp_cryptography	< 2021.7.0	Yes
Application	intel	mpi_library	< 2021.9.0	Yes
Application	intel	oneapi_base_toolkit	< 2023.1	Yes
Application	intel	oneapi_data_analytics_library	< 2023.1	Yes
Application	intel	oneapi_deep_neural_network_library	< 2023.1	Yes
Application	intel	oneapi_dpc\+\+\/c\+\+_compiler	< 2023.1	Yes
Application	intel	oneapi_dpc\+\+_library_\(onedpl\)	< 2022.1	Yes
Application	intel	oneapi_hpc_toolkit	< 2023.1	Yes
Application	intel	oneapi_iot_toolkit	< 2023.1	Yes
Application	intel	oneapi_math_kernel_library	< 2023.1	Yes
Application	intel	oneapi_rendering_toolkit	< 2023.1	Yes
Application	intel	oneapi_threading_building_blocks	< 2021.9.0	Yes
Application	intel	oneapi_toolkit_and_component_software_installer	< 4.3.1.493	Yes
Application	intel	oneapi_video_processing_library	< 2023.1	Yes
Application	intel	open_image_denoise	< 1.4.3	Yes
Application	intel	open_volume_kernel_library	< 2023.1	Yes
Application	intel	ospray	< 2023.1	Yes
Application	intel	ospray_studio	< 2023.1	Yes
Application	intel	trace_analyzer_and_collector	< 2021.9.0	Yes
Application	intel	vtune_profiler_for_oneapi	< 2023.1	Yes

References

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00890.html Vendor Advisory ([email protected])
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00890.html Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)