CVE-2023-27391

Improper access control in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.1.493 may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS v3 6.7 MEDIUM

6.7^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00890.html	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:intel:advisor_for_oneapi::::::::
	cpe:2.3:a:intel:cpu_runtime_for_opencl_applications::::::::
	cpe:2.3:a:intel:distribution_for_python_programming_language::::::::
	cpe:2.3:a:intel:dpc\+\+_compatibility_tool::::::::
	cpe:2.3:a:intel:embree_ray_tracing_kernel_library::::::::
	cpe:2.3:a:intel:fortran_compiler::::::::
	cpe:2.3:a:intel:implicit_spmd_program_compiler::::::::
	cpe:2.3:a:intel:inspector_for_oneapi::::::::
	cpe:2.3:a:intel:integrated_performance_primitives::::::::
	cpe:2.3:a:intel:ipp_cryptography::::::::
	cpe:2.3:a:intel:mpi_library::::::::
	cpe:2.3:a:intel:oneapi_base_toolkit::::::::
	cpe:2.3:a:intel:oneapi_data_analytics_library::::::::
	cpe:2.3:a:intel:oneapi_deep_neural_network_library::::::::
	cpe:2.3:a:intel:oneapi_dpc\+\+\/c\+\+_compiler::::::::
	cpe:2.3:a:intel:oneapi_dpc\+\+_library_\(onedpl\)::::::::
	cpe:2.3:a:intel:oneapi_hpc_toolkit::::::::
	cpe:2.3:a:intel:oneapi_iot_toolkit::::::::
	cpe:2.3:a:intel:oneapi_math_kernel_library::::::::
	cpe:2.3:a:intel:oneapi_rendering_toolkit::::::::
	cpe:2.3:a:intel:oneapi_threading_building_blocks::::::::
	cpe:2.3:a:intel:oneapi_toolkit_and_component_software_installer::::::::
	cpe:2.3:a:intel:oneapi_video_processing_library::::::::
	cpe:2.3:a:intel:open_image_denoise::::::::
	cpe:2.3:a:intel:open_volume_kernel_library::::::::
	cpe:2.3:a:intel:ospray::::::::
	cpe:2.3:a:intel:ospray_studio::::::::
	cpe:2.3:a:intel:trace_analyzer_and_collector::::::::
	cpe:2.3:a:intel:vtune_profiler_for_oneapi::::::::

History

17 Aug 2023, 17:47

Type	Values Removed	Values Added
CWE		NVD-CWE-noinfo
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 6.7
References	~~(MISC) http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00890.html -~~	(MISC) http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00890.html - Vendor Advisory
First Time		Intel oneapi Toolkit And Component Software Installer Intel oneapi Iot Toolkit Intel cpu Runtime For Opencl Applications Intel ospray Intel oneapi Threading Building Blocks Intel ipp Cryptography Intel oneapi Rendering Toolkit Intel open Volume Kernel Library Intel open Image Denoise Intel oneapi Dpc\+\+ Library \(onedpl\) Intel oneapi Base Toolkit Intel mpi Library Intel fortran Compiler Intel ospray Studio Intel embree Ray Tracing Kernel Library Intel Intel vtune Profiler For Oneapi Intel implicit Spmd Program Compiler Intel integrated Performance Primitives Intel advisor For Oneapi Intel oneapi Deep Neural Network Library Intel distribution For Python Programming Language Intel oneapi Video Processing Library Intel trace Analyzer And Collector Intel oneapi Data Analytics Library Intel oneapi Math Kernel Library Intel inspector For Oneapi Intel dpc\+\+ Compatibility Tool Intel oneapi Hpc Toolkit Intel oneapi Dpc\+\+\/c\+\+ Compiler
CPE		cpe:2.3:a:intel:oneapi_iot_toolkit:::::::: cpe:2.3:a:intel:fortran_compiler:::::::: cpe:2.3:a:intel:implicit_spmd_program_compiler:::::::: cpe:2.3:a:intel:cpu_runtime_for_opencl_applications:::::::: cpe:2.3:a:intel:open_volume_kernel_library:::::::: cpe:2.3:a:intel:oneapi_video_processing_library:::::::: cpe:2.3:a:intel:integrated_performance_primitives:::::::: cpe:2.3:a:intel:oneapi_dpc\+\+\/c\+\+_compiler:::::::: cpe:2.3:a:intel:ospray:::::::: cpe:2.3:a:intel:oneapi_data_analytics_library:::::::: cpe:2.3:a:intel:oneapi_threading_building_blocks:::::::: cpe:2.3:a:intel:embree_ray_tracing_kernel_library:::::::: cpe:2.3:a:intel:ospray_studio:::::::: cpe:2.3:a:intel:trace_analyzer_and_collector:::::::: cpe:2.3:a:intel:oneapi_hpc_toolkit:::::::: cpe:2.3:a:intel:open_image_denoise:::::::: cpe:2.3:a:intel:inspector_for_oneapi:::::::: cpe:2.3:a:intel:ipp_cryptography:::::::: cpe:2.3:a:intel:oneapi_toolkit_and_component_software_installer:::::::: cpe:2.3:a:intel:distribution_for_python_programming_language:::::::: cpe:2.3:a:intel:dpc\+\+_compatibility_tool:::::::: cpe:2.3:a:intel:oneapi_deep_neural_network_library:::::::: cpe:2.3:a:intel:oneapi_dpc\+\+_library_\(onedpl\):::::::: cpe:2.3:a:intel:vtune_profiler_for_oneapi:::::::: cpe:2.3:a:intel:oneapi_math_kernel_library:::::::: cpe:2.3:a:intel:oneapi_base_toolkit:::::::: cpe:2.3:a:intel:mpi_library:::::::: cpe:2.3:a:intel:oneapi_rendering_toolkit:::::::: cpe:2.3:a:intel:advisor_for_oneapi::::::::

11 Aug 2023, 03:44

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-08-11 03:15

Updated : 2023-12-10 15:14

NVD link : CVE-2023-27391

Mitre link : CVE-2023-27391

CVE.ORG link : CVE-2023-27391

JSON object : View

Products Affected

intel

cpu_runtime_for_opencl_applications
oneapi_data_analytics_library
oneapi_dpc\+\+\/c\+\+_compiler
oneapi_math_kernel_library
integrated_performance_primitives
oneapi_rendering_toolkit
fortran_compiler
inspector_for_oneapi
distribution_for_python_programming_language
trace_analyzer_and_collector
oneapi_base_toolkit
oneapi_threading_building_blocks
oneapi_dpc\+\+_library_\(onedpl\)
oneapi_iot_toolkit
open_image_denoise
embree_ray_tracing_kernel_library
oneapi_toolkit_and_component_software_installer
dpc\+\+_compatibility_tool
ipp_cryptography
oneapi_deep_neural_network_library
oneapi_hpc_toolkit
ospray_studio
vtune_profiler_for_oneapi
mpi_library
oneapi_video_processing_library
advisor_for_oneapi
ospray
open_volume_kernel_library
implicit_spmd_program_compiler

CWE

NVD-CWE-noinfo CWE-284

Improper Access Control

6.7 /10