Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
intelIntel Security CenterINTEL:INTEL-SA-00988
HistoryMar 27, 2024 - 12:00 a.m.

Intel® oneAPI Toolkit Software Advisory

2024-03-2700:00:00
Intel Security Center
www.intel.com
7
intel
oneapi
toolkits
component software
security vulnerabilities
privilege escalation
update

7.1 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Summary:

Potential security vulnerabilities in some Intel® oneAPI Toolkits and standalone component software may allow escalation of privilege. Intel is releasing software updates to mitigate these potential vulnerabilities.

Vulnerability Details:

CVEID: CVE-2023-35121

Description: Improper access control in the Intel® oneAPI DPC++/C++ Compiler before version 2022.2.1 for some Intel® oneAPI Toolkits before version 2022.3.1 may allow authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score: 7.8 High

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

CVEID: CVE-2023-29162

Description: Improper buffer restrictions the Intel® C++ Compiler Classic before version 2021.8 for Intel® oneAPI Toolkits before version 2022.3.1 may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS Base Score: 6.0 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L

Affected Products:

Intel® Advisor for oneAPI before version 2023.2.0.

Intel® Cluster Checker 2021.7.3.

Intel® Inspector for oneAPI before version 2023.2.0.

Intel® Integrated Performance Primitives 2021.9.0.

Intel® IPP Cryptography before version 2021.8.0.

Intel® Distribution for Python 2023.1.

Intel® MPI Library before version 2021.10.0.

Intel® oneAPI AI Analytics Toolkit 2023.2.

Intel® oneAPI Base Toolkit before version 2023.2.0.

Intel® oneAPI Deep Neural Network Library before version 2023.2.0.

Intel® oneAPI HPC Toolkit before version 2023.2.0.

Intel® oneAPI IoT Toolkit before version 2023.2.0.

Intel® oneAPI Math Kernel Library before version 2023.2.0.

Intel® oneAPI Threading Building Blocks before version 2021.10.0.

Intel® Trace Analyzer and Collector 2021.10.0.

Intel® VTune™ Profiler for oneAPI before version 2023.2.0.

Recommendation:

Intel recommends updating Intel® oneAPI Toolkits to version 2023.2.0 or later.

Updates are available for download at this location:

<https://www.intel.com/content/www/us/en/developer/tools/oneapi/toolkits.html&gt;

Intel recommends updating Intel® oneAPI standalone component software to the latest versions.

Updates are available for download at this location:

<https://www.intel.com/content/www/us/en/developer/articles/tool/oneapi-standalone-components.html&gt;

Acknowledgements:

These issues were found internally by Intel.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

Related

nvd 2
prion 2
cve 2
cvelist 2
nvd
nvd
CVE-2023-35121
2024-02-14 14:16:00
CVE-2023-29162
2024-02-14 14:15:49
prion
prion
Improper access control
2024-02-14 14:16:00
Buffer overflow
2024-02-14 14:15:00
cve
cve
CVE-2023-35121
2024-02-14 14:16:00
CVE-2023-29162
2024-02-14 14:15:49
cvelist
cvelist
CVE-2023-35121
2024-02-14 13:38:13
CVE-2023-29162
2024-02-14 13:38:13

7.1 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON
Related for INTEL:INTEL-SA-00988
nvd2prion2cve2cvelist2