Multiple vulnerabilities in Intel oneAPI Toolkits



Published: 2023-03-10
Risk: High
Patch available: YES
Number of vulnerabilities: 12
CVE-ID: CVE-2022-25987, CVE-2022-26843, CVE-2022-25992, CVE-2022-26512, CVE-2022-26345, CVE-2022-26062, CVE-2022-25905, CVE-2022-26425, CVE-2022-26076, CVE-2022-26032, CVE-2022-26421, CVE-2022-26052
CWE-ID: CWE-264, CWE-277, CWE-426
Exploitation vector: Network
Public exploit: N/A
Vulnerable software
C++ Compiler (Classic)
Universal components / Libraries / Software for developers

oneAPI DPC++/C++ Compiler
Universal components / Libraries / Software for developers

Intel oneAPI Toolkits
Hardware solutions / Firmware

Intel oneAPI Toolkits oneapi-cli
Hardware solutions / Firmware

Intel FPGA Add-on for Intel oneAPI Base Toolkit
Hardware solutions / Firmware

Intel oneAPI Toolkit OpenMP
Hardware solutions / Firmware

Trace Analyzer and Collector
Hardware solutions / Firmware

Intel oneAPI Data Analytics Library (oneDAL)
Hardware solutions / Firmware

oneAPI Collective Communications Library (oneCCL)
Hardware solutions / Firmware

oneAPI Deep Neural Network (oneDNN)
Hardware solutions / Firmware

Intel oneAPI DPC++/C++ Compiler Runtime
Hardware solutions / Firmware

Intel Distribution for Python programming language
Universal components / Libraries / Programming Languages & Components

MPI Library
Universal components / Libraries / Libraries used by multiple products

Vendor

Security Bulletin

This security bulletin contains information about 12 vulnerabilities.

1) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU73209

Risk: High

CVSSv3.1: 7.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-25987

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to improper handling of Unicode encoding in source code to be compiled, which leads to security restrictions bypass and privilege escalation.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

C++ Compiler (Classic): before 2021.6

Intel oneAPI Toolkits: before 2022.2

External links

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00674.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU73213

Risk: High

CVSSv3.1: 7.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-26843

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to insufficient visual distinction of homoglyphs presented to the user, which leads to security restrictions bypass and privilege escalation.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

oneAPI DPC++/C++ Compiler: before 2022.1

Intel oneAPI Toolkits: before 2022.2

External links

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00674.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Insecure Inherited Permissions

EUVDB-ID: #VU73234

Risk: Low

CVSSv3.1: 6.5 [CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-25992

CWE-ID: CWE-277 - Insecure inherited permissions

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to insecure inherited permissions, which leads to security restrictions bypass and privilege escalation.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Intel oneAPI Toolkits oneapi-cli: before 0.2.0

External links

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00674.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Untrusted search path

EUVDB-ID: #VU73235

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-26512

CWE-ID: CWE-426 - Untrusted Search Path

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to an uncontrolled search path element, which leads to security restrictions bypass and privilege escalation.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Intel FPGA Add-on for Intel oneAPI Base Toolkit: before 2022.2

External links

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00674.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Untrusted search path

EUVDB-ID: #VU73236

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-26345

CWE-ID: CWE-426 - Untrusted Search Path

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to an uncontrolled search path element, which leads to security restrictions bypass and privilege escalation.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Intel oneAPI Toolkit OpenMP: before 2022.1

External links

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00674.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Untrusted search path

EUVDB-ID: #VU73237

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-26062

CWE-ID: CWE-426 - Untrusted Search Path

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to an uncontrolled search path element, which leads to security restrictions bypass and privilege escalation.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Trace Analyzer and Collector: before 2021.6

External links

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00674.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Untrusted search path

EUVDB-ID: #VU73238

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-25905

CWE-ID: CWE-426 - Untrusted Search Path

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to an uncontrolled search path element, which leads to security restrictions bypass and privilege escalation.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Intel oneAPI Data Analytics Library (oneDAL): before 2021.5

External links

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00674.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Untrusted search path

EUVDB-ID: #VU73239

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-26425

CWE-ID: CWE-426 - Untrusted Search Path

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to an uncontrolled search path element, which leads to security restrictions bypass and privilege escalation.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

oneAPI Collective Communications Library (oneCCL): before 2021.6

External links

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00674.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Untrusted search path

EUVDB-ID: #VU73240

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-26076

CWE-ID: CWE-426 - Untrusted Search Path

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to an uncontrolled search path element, which leads to security restrictions bypass and privilege escalation.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

oneAPI Deep Neural Network (oneDNN): before 2022.1

External links

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00674.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Untrusted search path

EUVDB-ID: #VU73241

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-26032

CWE-ID: CWE-426 - Untrusted Search Path

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to an uncontrolled search path element, which leads to security restrictions bypass and privilege escalation.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Intel Distribution for Python programming language: before 2022.1

External links

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00674.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Untrusted search path

EUVDB-ID: #VU73242

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-26421

CWE-ID: CWE-426 - Untrusted Search Path

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to an uncontrolled search path element, which leads to security restrictions bypass and privilege escalation.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Intel oneAPI DPC++/C++ Compiler Runtime: before 2022.0

External links

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00674.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Untrusted search path

EUVDB-ID: #VU73243

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-26052

CWE-ID: CWE-426 - Untrusted Search Path

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to an uncontrolled search path element, which leads to security restrictions bypass and privilege escalation.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

MPI Library: before 2021.6

External links

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00674.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


