Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-28823

Uncontrolled search path in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.1.493 may allow an authenticated user to potentially enable escalation of privilege via local access.

Published

2023-08-11T03:15:26.530

Last Modified

2024-11-21T07:56:05.053

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.7 (MEDIUM)

Weaknesses

Type: Secondary
CWE-427
Type: Primary
CWE-427

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	intel	advisor_for_oneapi	< 2023.1	Yes
Application	intel	cpu_runtime_for_opencl_applications	< 2023.1	Yes
Application	intel	distribution_for_python_programming_language	< 2023.1	Yes
Application	intel	dpc\+\+_compatibility_tool	< 2023.1	Yes
Application	intel	embree_ray_tracing_kernel_library	< 2023.1	Yes
Application	intel	fortran_compiler	< 2023.1	Yes
Application	intel	implicit_spmd_program_compiler	< 1.19.1	Yes
Application	intel	inspector_for_oneapi	< 2023.1	Yes
Application	intel	integrated_performance_primitives	< 2021.8	Yes
Application	intel	ipp_cryptography	< 2021.7.0	Yes
Application	intel	mpi_library	< 2021.9.0	Yes
Application	intel	oneapi_base_toolkit	< 2023.1	Yes
Application	intel	oneapi_data_analytics_library	< 2023.1	Yes
Application	intel	oneapi_deep_neural_network_library	< 2023.1	Yes
Application	intel	oneapi_dpc\+\+\/c\+\+_compiler	< 2023.1	Yes
Application	intel	oneapi_dpc\+\+_library_\(onedpl\)	< 2022.1	Yes
Application	intel	oneapi_hpc_toolkit	< 2023.1	Yes
Application	intel	oneapi_iot_toolkit	< 2023.1	Yes
Application	intel	oneapi_math_kernel_library	< 2023.1	Yes
Application	intel	oneapi_rendering_toolkit	< 2023.1	Yes
Application	intel	oneapi_threading_building_blocks	< 2021.9.0	Yes
Application	intel	oneapi_toolkit_and_component_software_installer	< 4.3.1.493	Yes
Application	intel	oneapi_video_processing_library	< 2023.1	Yes
Application	intel	open_image_denoise	< 1.4.3	Yes
Application	intel	open_volume_kernel_library	< 2023.1	Yes
Application	intel	ospray	< 2023.1	Yes
Application	intel	ospray_studio	< 2023.1	Yes
Application	intel	trace_analyzer_and_collector	< 2021.9.0	Yes
Application	intel	vtune_profiler_for_oneapi	< 2023.1	Yes

References

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00890.html Vendor Advisory ([email protected])
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00890.html Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)