Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
intelIntel Security CenterINTEL:INTEL-SA-00819
HistoryMay 09, 2023 - 12:00 a.m.

Intel® oneAPI Toolkit and Component Software Installers Advisory

2023-05-0900:00:00
Intel Security Center
www.intel.com
24
vulnerability
privilege escalation
security update
intel
oneapi
software installer
cve-2023-22355
advisory
cpu runtime
python
dpc++
fortran compiler
security recommendation
coordinated disclosure

EPSS

0

Percentile

9.0%

JSON

Summary:

A potential security vulnerability in some Intel® oneAPI Toolkit and component software installers may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability.

Vulnerability Details:

CVEID: CVE-2023-22355

Description: Uncontrolled search path in some Intel® oneAPI Toolkit and component software installers before version 4.3.0.251 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score: 6.7 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

Affected Products:

Intel® Advisor for oneAPI before version 2023.0.

Intel® CPU Runtime for OpenCL™ Applications before version 2023.0.

Intel® Distribution for Python* programming language before version 2023.0.

Intel® DPC++ Compatibility Tool before version 2023.0.

Intel® Embree Ray Tracing Kernel Library before version 2023.0.

Intel® Fortran Compiler before version 2023.0.

Intel® Implicit SPMD Program Compiler before version 1.18.1.

Intel® Inspector for oneAPI before version 2023.0.

Intel® Integrated Performance Primitives before version 2021.7.

Intel® IPP Cryptography before version 2021.6.3.

Intel® MPI Library before version 2021.8.

Intel® oneAPI Base Toolkit before version 2023.0.

Intel® oneAPI Data Analytics Library before version 2023.0.

Intel® oneAPI Deep Neural Network Library before version 2023.0.

Intel® oneAPI DPC++/C++ Compiler before version 2023.0.

Intel® oneAPI DPC++ Library (oneDPL) before version 2022.0.

Intel® oneAPI HPC Toolkit before version 2023.0.

Intel® oneAPI IoT Toolkit before version 2023.0.

Intel® oneAPI Math Kernel Library before version 2023.0.

Intel® oneAPI Rendering Toolkit before version 2023.0.

Intel® oneAPI Threading Building Blocks before version 2021.8.

Intel® oneAPI Video Processing Library before version 2023.0.

Intel® Open Image Denoise before version 1.4.3.

Intel® Open Volume Kernel Library before version 2023.0.

Intel® OSPRay before version 2023.0.

Intel® OSPRay Studio before version 2023.0.

Intel® Trace Analyzer and Collector before version 2021.8.0.

Intel® VTune™ Profiler for oneAPI before version 2023.0.

Recommendations:

Intel recommends updating Intel® oneAPI Toolkits to version 2023.0.0 or later.

Updates are available for download at this location:

<https://www.intel.com/content/www/us/en/developer/tools/oneapi/toolkits.html&gt;

Intel recommends updating any installed Intel® oneAPI standalone component software to the latest versions.

Updates are available for download at these locations:

<https://www.intel.com/content/www/us/en/developer/articles/tool/oneapi-standalone-components.html&gt;

Acknowledgements:

The following issues was found externally.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

Related

cvelist 1
osv 1
cve 1
prion 1
nvd 1
cvelist
cvelist
CVE-2023-22355
2023-05-10 13:17:14
osv
osv
CVE-2023-22355
2023-05-10 14:15:27
cve
cve
CVE-2023-22355
2023-05-10 14:15:27
prion
prion
Design/Logic Flaw
2023-05-10 14:15:00
nvd
nvd
CVE-2023-22355
2023-05-10 14:15:27

EPSS

0

Percentile

9.0%

JSON
Related for INTEL:INTEL-SA-00819
cvelist1osv1cve1prion1nvd1