CVE-2023-22355

Uncontrolled search path in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.0.251 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00819.html	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:intel:advisor::::::oneapi::*
	cpe:2.3:a:intel:cpu_runtime::::::opencl::*
	cpe:2.3:a:intel:distribution_for_python::::::::
	cpe:2.3:a:intel:dpc\+\+_compatibility_tool::::::::
	cpe:2.3:a:intel:embree_ray_tracing_kernel_library::::::::
	cpe:2.3:a:intel:fortran_compiler::::::::
	cpe:2.3:a:intel:implicit_spmd_program_compiler::::::::
	cpe:2.3:a:intel:inspector::::::oneapi::*
	cpe:2.3:a:intel:integrated_performance_primitives::::::::
	cpe:2.3:a:intel:integrated_performance_primitives_cryptography::::::::
	cpe:2.3:a:intel:mpi_library::::::::
	cpe:2.3:a:intel:oneapi_base_toolkit::::::::
	cpe:2.3:a:intel:oneapi_data_analytics_library::::::::
	cpe:2.3:a:intel:oneapi_deep_neural_network_library::::::::
	cpe:2.3:a:intel:oneapi_dpc\+\+\/c\+\+_compiler::::::::
	cpe:2.3:a:intel:oneapi_dpc\+\+_library::::::::
	cpe:2.3:a:intel:oneapi_hpc_toolkit::::::::
	cpe:2.3:a:intel:oneapi_hpc_toolkit:2023.0.0:::::::*
	cpe:2.3:a:intel:oneapi_iot_toolkit::::::::
	cpe:2.3:a:intel:oneapi_math_kernel_library::::::::
	cpe:2.3:a:intel:oneapi_rendering_toolkit::::::::
	cpe:2.3:a:intel:oneapi_threading_building_blocks::::::::
	cpe:2.3:a:intel:oneapi_toolkit_and_component_software_installers::::::::
	cpe:2.3:a:intel:oneapi_video_processing_library::::::::
	cpe:2.3:a:intel:open_image_denoise::::::::
	cpe:2.3:a:intel:open_volume_kernel_library::::::::
	cpe:2.3:a:intel:ospray::::::::
	cpe:2.3:a:intel:ospray_studio::::::::
	cpe:2.3:a:intel:trace_analyzer_and_collector::::::::
	cpe:2.3:a:intel:vtune_profiler::::::::

History

19 May 2023, 13:35

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.8
CWE		CWE-427
CPE		cpe:2.3:a:intel:inspector::::::oneapi::* cpe:2.3:a:intel:open_image_denoise:::::::: cpe:2.3:a:intel:oneapi_deep_neural_network_library:::::::: cpe:2.3:a:intel:oneapi_hpc_toolkit:::::::: cpe:2.3:a:intel:dpc\+\+_compatibility_tool:::::::: cpe:2.3:a:intel:oneapi_dpc\+\+_library:::::::: cpe:2.3:a:intel:ospray:::::::: cpe:2.3:a:intel:oneapi_iot_toolkit:::::::: cpe:2.3:a:intel:cpu_runtime::::::opencl::* cpe:2.3:a:intel:integrated_performance_primitives:::::::: cpe:2.3:a:intel:ospray_studio:::::::: cpe:2.3:a:intel:oneapi_threading_building_blocks:::::::: cpe:2.3:a:intel:fortran_compiler:::::::: cpe:2.3:a:intel:distribution_for_python:::::::: cpe:2.3:a:intel:advisor::::::oneapi::* cpe:2.3:a:intel:integrated_performance_primitives_cryptography:::::::: cpe:2.3:a:intel:oneapi_dpc\+\+\/c\+\+_compiler:::::::: cpe:2.3:a:intel:oneapi_math_kernel_library:::::::: cpe:2.3:a:intel:mpi_library:::::::: cpe:2.3:a:intel:oneapi_data_analytics_library:::::::: cpe:2.3:a:intel:oneapi_base_toolkit:::::::: cpe:2.3:a:intel:oneapi_toolkit_and_component_software_installers:::::::: cpe:2.3:a:intel:oneapi_video_processing_library:::::::: cpe:2.3:a:intel:oneapi_rendering_toolkit:::::::: cpe:2.3:a:intel:oneapi_hpc_toolkit:2023.0.0:::::::* cpe:2.3:a:intel:open_volume_kernel_library:::::::: cpe:2.3:a:intel:implicit_spmd_program_compiler:::::::: cpe:2.3:a:intel:trace_analyzer_and_collector:::::::: cpe:2.3:a:intel:vtune_profiler:::::::: cpe:2.3:a:intel:embree_ray_tracing_kernel_library::::::::
References	~~(MISC) https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00819.html -~~	(MISC) https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00819.html - Vendor Advisory
First Time		Intel integrated Performance Primitives Intel oneapi Rendering Toolkit Intel trace Analyzer And Collector Intel vtune Profiler Intel inspector Intel oneapi Video Processing Library Intel cpu Runtime Intel embree Ray Tracing Kernel Library Intel distribution For Python Intel integrated Performance Primitives Cryptography Intel oneapi Iot Toolkit Intel oneapi Base Toolkit Intel ospray Studio Intel oneapi Deep Neural Network Library Intel Intel advisor Intel dpc\+\+ Compatibility Tool Intel ospray Intel mpi Library Intel oneapi Data Analytics Library Intel oneapi Math Kernel Library Intel open Volume Kernel Library Intel fortran Compiler Intel oneapi Toolkit And Component Software Installers Intel implicit Spmd Program Compiler Intel open Image Denoise Intel oneapi Hpc Toolkit Intel oneapi Dpc\+\+\/c\+\+ Compiler Intel oneapi Threading Building Blocks Intel oneapi Dpc\+\+ Library

10 May 2023, 14:38

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-05-10 14:15

Updated : 2023-12-10 15:01

NVD link : CVE-2023-22355

Mitre link : CVE-2023-22355

CVE.ORG link : CVE-2023-22355

JSON object : View

Products Affected

intel

advisor
oneapi_dpc\+\+\/c\+\+_compiler
cpu_runtime
ospray
trace_analyzer_and_collector
oneapi_toolkit_and_component_software_installers
oneapi_base_toolkit
distribution_for_python
oneapi_math_kernel_library
inspector
oneapi_threading_building_blocks
oneapi_data_analytics_library
oneapi_dpc\+\+_library
fortran_compiler
embree_ray_tracing_kernel_library
oneapi_deep_neural_network_library
vtune_profiler
integrated_performance_primitives
oneapi_rendering_toolkit
open_image_denoise
oneapi_iot_toolkit
dpc\+\+_compatibility_tool
implicit_spmd_program_compiler
open_volume_kernel_library
integrated_performance_primitives_cryptography
ospray_studio
oneapi_video_processing_library
oneapi_hpc_toolkit
mpi_library

CWE

CWE-427

Uncontrolled Search Path Element

7.8 /10