Multiple vulnerabilities in Intel oneAPI Toolkits



Risk High
Patch available YES
Number of vulnerabilities 12
CVE-ID CVE-2022-25987
CVE-2022-26843
CVE-2022-25992
CVE-2022-26512
CVE-2022-26345
CVE-2022-26062
CVE-2022-25905
CVE-2022-26425
CVE-2022-26076
CVE-2022-26032
CVE-2022-26421
CVE-2022-26052
CWE-ID CWE-264
CWE-277
CWE-426
Exploitation vector Network
Public exploit N/A
Vulnerable software
C++ Compiler (Classic)
Universal components / Libraries / Software for developers

oneAPI DPC++/C++ Compiler
Universal components / Libraries / Software for developers

Intel oneAPI Toolkits
Hardware solutions / Firmware

Intel oneAPI Toolkits oneapi-cli
Hardware solutions / Firmware

Intel FPGA Add-on for Intel oneAPI Base Toolkit
Hardware solutions / Firmware

Intel oneAPI Toolkit OpenMP
Hardware solutions / Firmware

Trace Analyzer and Collector
Hardware solutions / Firmware

Intel oneAPI Data Analytics Library (oneDAL)
Hardware solutions / Firmware

oneAPI Collective Communications Library (oneCCL)
Hardware solutions / Firmware

oneAPI Deep Neural Network (oneDNN)
Hardware solutions / Firmware

Intel oneAPI DPC++/C++ Compiler Runtime
Hardware solutions / Firmware

Intel Distribution for Python programming language
Universal components / Libraries / Programming Languages & Components

MPI Library
Universal components / Libraries / Libraries used by multiple products

Vendor Intel

Security Bulletin

This security bulletin contains information about 12 vulnerabilities.

1) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU73209

Risk: High

CVSSv3.1: 7.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-25987

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to improper handling of Unicode encoding in source code to be compiled, which leads to security restrictions bypass and privilege escalation.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

C++ Compiler (Classic): before 2021.6

Intel oneAPI Toolkits: before 2022.2

CPE2.3 External links

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00674.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU73213

Risk: High

CVSSv3.1: 7.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-26843

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to insufficient visual distinction of homoglyphs presented to user, which leads to security restrictions bypass and privilege escalation.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

oneAPI DPC++/C++ Compiler: before 2022.1

Intel oneAPI Toolkits: before 2022.2

CPE2.3 External links

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00674.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Insecure Inherited Permissions

EUVDB-ID: #VU73234

Risk: Low

CVSSv3.1: 6.5 [CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-25992

CWE-ID: CWE-277 - Insecure inherited permissions

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to insecure inherited permissions, which leads to security restrictions bypass and privilege escalation.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Intel oneAPI Toolkits oneapi-cli: before 0.2.0

CPE2.3 External links

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00674.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Untrusted search path

EUVDB-ID: #VU73235

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-26512

CWE-ID: CWE-426 - Untrusted Search Path

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to uncontrolled search path element, which leads to security restrictions bypass and privilege escalation.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Intel FPGA Add-on for Intel oneAPI Base Toolkit: before 2022.2

CPE2.3 External links

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00674.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Untrusted search path

EUVDB-ID: #VU73236

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-26345

CWE-ID: CWE-426 - Untrusted Search Path

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to uncontrolled search path element, which leads to security restrictions bypass and privilege escalation.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Intel oneAPI Toolkit OpenMP: before 2022.1

CPE2.3 External links

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00674.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Untrusted search path

EUVDB-ID: #VU73237

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-26062

CWE-ID: CWE-426 - Untrusted Search Path

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to uncontrolled search path element, which leads to security restrictions bypass and privilege escalation.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Trace Analyzer and Collector: before 2021.6

CPE2.3 External links

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00674.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Untrusted search path

EUVDB-ID: #VU73238

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-25905

CWE-ID: CWE-426 - Untrusted Search Path

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to uncontrolled search path element, which leads to security restrictions bypass and privilege escalation.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Intel oneAPI Data Analytics Library (oneDAL): before 2021.5

CPE2.3 External links

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00674.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Untrusted search path

EUVDB-ID: #VU73239

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-26425

CWE-ID: CWE-426 - Untrusted Search Path

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to uncontrolled search path element, which leads to security restrictions bypass and privilege escalation.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

oneAPI Collective Communications Library (oneCCL): before 2021.6

CPE2.3 External links

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00674.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Untrusted search path

EUVDB-ID: #VU73240

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-26076

CWE-ID: CWE-426 - Untrusted Search Path

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to uncontrolled search path element, which leads to security restrictions bypass and privilege escalation.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

oneAPI Deep Neural Network (oneDNN): before 2022.1

CPE2.3 External links

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00674.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Untrusted search path

EUVDB-ID: #VU73241

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-26032

CWE-ID: CWE-426 - Untrusted Search Path

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to uncontrolled search path element, which leads to security restrictions bypass and privilege escalation.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Intel Distribution for Python programming language: before 2022.1

CPE2.3 External links

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00674.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Untrusted search path

EUVDB-ID: #VU73242

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-26421

CWE-ID: CWE-426 - Untrusted Search Path

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to uncontrolled search path element, which leads to security restrictions bypass and privilege escalation.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Intel oneAPI DPC++/C++ Compiler Runtime: before 2022.0

CPE2.3 External links

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00674.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Untrusted search path

EUVDB-ID: #VU73243

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-26052

CWE-ID: CWE-426 - Untrusted Search Path

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to uncontrolled search path element, which leads to security restrictions bypass and privilege escalation.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

MPI Library: before 2021.6

CPE2.3 External links

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00674.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###