CVE-2023-28823

Uncontrolled search path in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.1.493 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS v3 7.3 HIGH

7.3^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.3 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00890.html	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:intel:advisor_for_oneapi::::::::
	cpe:2.3:a:intel:cpu_runtime_for_opencl_applications::::::::
	cpe:2.3:a:intel:distribution_for_python_programming_language::::::::
	cpe:2.3:a:intel:dpc\+\+_compatibility_tool::::::::
	cpe:2.3:a:intel:embree_ray_tracing_kernel_library::::::::
	cpe:2.3:a:intel:fortran_compiler::::::::
	cpe:2.3:a:intel:implicit_spmd_program_compiler::::::::
	cpe:2.3:a:intel:inspector_for_oneapi::::::::
	cpe:2.3:a:intel:integrated_performance_primitives::::::::
	cpe:2.3:a:intel:ipp_cryptography::::::::
	cpe:2.3:a:intel:mpi_library::::::::
	cpe:2.3:a:intel:oneapi_base_toolkit::::::::
	cpe:2.3:a:intel:oneapi_data_analytics_library::::::::
	cpe:2.3:a:intel:oneapi_deep_neural_network_library::::::::
	cpe:2.3:a:intel:oneapi_dpc\+\+\/c\+\+_compiler::::::::
	cpe:2.3:a:intel:oneapi_dpc\+\+_library_\(onedpl\)::::::::
	cpe:2.3:a:intel:oneapi_hpc_toolkit::::::::
	cpe:2.3:a:intel:oneapi_iot_toolkit::::::::
	cpe:2.3:a:intel:oneapi_math_kernel_library::::::::
	cpe:2.3:a:intel:oneapi_rendering_toolkit::::::::
	cpe:2.3:a:intel:oneapi_threading_building_blocks::::::::
	cpe:2.3:a:intel:oneapi_toolkit_and_component_software_installer::::::::
	cpe:2.3:a:intel:oneapi_video_processing_library::::::::
	cpe:2.3:a:intel:open_image_denoise::::::::
	cpe:2.3:a:intel:open_volume_kernel_library::::::::
	cpe:2.3:a:intel:ospray::::::::
	cpe:2.3:a:intel:ospray_studio::::::::
	cpe:2.3:a:intel:trace_analyzer_and_collector::::::::
	cpe:2.3:a:intel:vtune_profiler_for_oneapi::::::::

History

18 Aug 2023, 15:03

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.3
CWE		CWE-427
First Time		Intel oneapi Toolkit And Component Software Installer Intel oneapi Iot Toolkit Intel cpu Runtime For Opencl Applications Intel ospray Intel oneapi Threading Building Blocks Intel ipp Cryptography Intel oneapi Rendering Toolkit Intel open Volume Kernel Library Intel open Image Denoise Intel oneapi Dpc\+\+ Library \(onedpl\) Intel oneapi Base Toolkit Intel mpi Library Intel fortran Compiler Intel ospray Studio Intel embree Ray Tracing Kernel Library Intel Intel vtune Profiler For Oneapi Intel implicit Spmd Program Compiler Intel integrated Performance Primitives Intel advisor For Oneapi Intel oneapi Deep Neural Network Library Intel distribution For Python Programming Language Intel oneapi Video Processing Library Intel trace Analyzer And Collector Intel oneapi Data Analytics Library Intel oneapi Math Kernel Library Intel inspector For Oneapi Intel dpc\+\+ Compatibility Tool Intel oneapi Hpc Toolkit Intel oneapi Dpc\+\+\/c\+\+ Compiler
References	~~(MISC) http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00890.html -~~	(MISC) http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00890.html - Vendor Advisory
CPE		cpe:2.3:a:intel:oneapi_iot_toolkit:::::::: cpe:2.3:a:intel:fortran_compiler:::::::: cpe:2.3:a:intel:implicit_spmd_program_compiler:::::::: cpe:2.3:a:intel:cpu_runtime_for_opencl_applications:::::::: cpe:2.3:a:intel:open_volume_kernel_library:::::::: cpe:2.3:a:intel:oneapi_video_processing_library:::::::: cpe:2.3:a:intel:integrated_performance_primitives:::::::: cpe:2.3:a:intel:oneapi_dpc\+\+\/c\+\+_compiler:::::::: cpe:2.3:a:intel:ospray:::::::: cpe:2.3:a:intel:oneapi_data_analytics_library:::::::: cpe:2.3:a:intel:oneapi_threading_building_blocks:::::::: cpe:2.3:a:intel:embree_ray_tracing_kernel_library:::::::: cpe:2.3:a:intel:ospray_studio:::::::: cpe:2.3:a:intel:trace_analyzer_and_collector:::::::: cpe:2.3:a:intel:oneapi_hpc_toolkit:::::::: cpe:2.3:a:intel:open_image_denoise:::::::: cpe:2.3:a:intel:inspector_for_oneapi:::::::: cpe:2.3:a:intel:ipp_cryptography:::::::: cpe:2.3:a:intel:oneapi_toolkit_and_component_software_installer:::::::: cpe:2.3:a:intel:distribution_for_python_programming_language:::::::: cpe:2.3:a:intel:dpc\+\+_compatibility_tool:::::::: cpe:2.3:a:intel:oneapi_deep_neural_network_library:::::::: cpe:2.3:a:intel:oneapi_dpc\+\+_library_\(onedpl\):::::::: cpe:2.3:a:intel:vtune_profiler_for_oneapi:::::::: cpe:2.3:a:intel:oneapi_math_kernel_library:::::::: cpe:2.3:a:intel:oneapi_base_toolkit:::::::: cpe:2.3:a:intel:mpi_library:::::::: cpe:2.3:a:intel:oneapi_rendering_toolkit:::::::: cpe:2.3:a:intel:advisor_for_oneapi::::::::

11 Aug 2023, 03:44

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-08-11 03:15

Updated : 2023-12-10 15:14

NVD link : CVE-2023-28823

Mitre link : CVE-2023-28823

CVE.ORG link : CVE-2023-28823

JSON object : View

Products Affected

intel

cpu_runtime_for_opencl_applications
oneapi_data_analytics_library
oneapi_dpc\+\+\/c\+\+_compiler
oneapi_math_kernel_library
integrated_performance_primitives
oneapi_rendering_toolkit
fortran_compiler
inspector_for_oneapi
distribution_for_python_programming_language
trace_analyzer_and_collector
oneapi_base_toolkit
oneapi_threading_building_blocks
oneapi_dpc\+\+_library_\(onedpl\)
oneapi_iot_toolkit
open_image_denoise
embree_ray_tracing_kernel_library
oneapi_toolkit_and_component_software_installer
dpc\+\+_compatibility_tool
ipp_cryptography
oneapi_deep_neural_network_library
oneapi_hpc_toolkit
ospray_studio
vtune_profiler_for_oneapi
mpi_library
oneapi_video_processing_library
advisor_for_oneapi
ospray
open_volume_kernel_library
implicit_spmd_program_compiler

CWE

CWE-427

Uncontrolled Search Path Element

7.3 /10