Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
intelIntel Security CenterINTEL:INTEL-SA-00771
HistoryMay 09, 2023 - 12:00 a.m.

Intel® VTuneTM Profiler Advisory

2023-05-0900:00:00
Intel Security Center
www.intel.com
10
security vulnerabilities
cve-2022-41982
uncontrolled search path
cve-2022-41658
insecure inherited permissions
intel® oneapi base toolkit
intel® system bring-up toolkit
software updates
coordinated disclosure

0.0004 Low

EPSS

Percentile

9.1%

JSON

Summary:

Potential security vulnerabilities in the Intel® VTune™ Profiler software may allow escalation of privilege. Intel is releasing software updates to mitigate these potential vulnerabilities.

Vulnerability Details:

CVEID: CVE-2022-41982

Description: Uncontrolled search path element in the Intel® VTune™ Profiler software before version 2023.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score: 6.7 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

CVEID: CVE-2022-41658

Description: Insecure inherited permissions in the Intel® VTune™ Profiler software before version 2023.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score: 6.7 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

Affected Products:

Intel® VTune™ Profiler software before version 2023.0.

Intel® VTune™ Profiler software is included as part of the Intel® oneAPI Base Toolkit before version 2023.0.

Intel® VTune™ Profiler software is included as part of the Intel® System Bring-up Toolkit before version 2023.0.

Recommendations:

Intel recommends updating the Intel® VTune™ Profiler software to version 2023.0.

Updates are available for download at this location:

<https://www.intel.com/content/www/us/en/developer/tools/oneapi/vtune-profiler-download.html&gt;

Intel recommends updating the Intel® oneAPI Base Toolkit before version 2023.0.

Updates are available for download at this location:

<https://www.intel.com/content/www/us/en/developer/tools/oneapi/base-toolkit-download.html&gt;

Intel recommends updating the Intel® System Bring-up Toolkit before version 2023.0.

Updates are available for download at this location:

<https://www.intel.com/content/www/us/en/developer/tools/oneapi/system-bring-up-toolkit.html&gt;

Acknowledgements:

Intel would like to thank Marius Gabriel Mihai for reporting these issues.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

Related

prion 2
cve 2
nvd 2
cvelist 2
prion
prion
Privilege escalation
2023-05-10 14:15:00
Privilege escalation
2023-05-10 14:15:00
cve
cve
CVE-2022-41658
2023-05-10 14:15:18
CVE-2022-41982
2023-05-10 14:15:22
nvd
nvd
CVE-2022-41982
2023-05-10 14:15:22
CVE-2022-41658
2023-05-10 14:15:18
cvelist
cvelist
CVE-2022-41982
2023-05-10 13:16:37
CVE-2022-41658
2023-05-10 13:16:38

0.0004 Low

EPSS

Percentile

9.1%

JSON
Related for INTEL:INTEL-SA-00771
prion2cve2nvd2cvelist2