Intel® oneAPI Toolkit Advisory

Summary:

A potential security vulnerability in Intel® oneAPI Toolkits may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability.

Vulnerability Details:

CVEID: CVE-2023-29242

Description: Improper access control for Intel® oneAPI Toolkits before version 2021.1 Beta 10 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score: 6.7 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H****

Affected Products:

All Intel® oneAPI Toolkits (Base, HPC, IoT, AI, DLFD, Rendering) before version 2021.1 Beta 10.

Recommendations:

Intel recommends updating Intel® oneAPI Toolkits to version 2021.1 Beta 10 or later.

Manual removal of all installed Beta versions prior to version 2021.1 Beta 10 is required, this removal is not done automatically.

Updates are available for download at this location: <https://software.intel.com/content/www/us/en/develop/tools/oneapi/all-toolkits.html&gt;

Acknowledgements:

Intel would like to thank houjingyi for reporting this issue.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.