Risk | Low |
Patch available | YES |
Number of vulnerabilities | 2 |
CVE-ID | CVE-2023-27391 CVE-2023-28823 |
CWE-ID | CWE-284 CWE-426 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software |
Intel Advisor for oneAPI Universal components / Libraries / Software for developers Intel CPU Runtime for OpenCL Applications Universal components / Libraries / Software for developers Intel DPC++ Compatibility Tool Universal components / Libraries / Software for developers Intel Embree Ray Tracing Kernel Library Universal components / Libraries / Software for developers Intel Fortran Compiler Universal components / Libraries / Software for developers Intel Implicit SPMD Program Compiler Universal components / Libraries / Software for developers Intel Inspector for oneAPI Universal components / Libraries / Software for developers Intel IPP Cryptography Universal components / Libraries / Software for developers Intel oneAPI Base Toolkit Universal components / Libraries / Software for developers Intel oneAPI Data Analytics Library Universal components / Libraries / Software for developers Intel oneAPI Deep Neural Network Library Universal components / Libraries / Software for developers Intel oneAPI DPC++/C++ Compiler Universal components / Libraries / Software for developers Intel oneAPI DPC++ Library (oneDPL) Universal components / Libraries / Software for developers Intel oneAPI HPC Toolkit Universal components / Libraries / Software for developers Intel oneAPI IoT Toolkit Universal components / Libraries / Software for developers Intel oneAPI Rendering Toolkit Universal components / Libraries / Software for developers Intel oneAPI Threading Building Blocks Universal components / Libraries / Software for developers Intel oneAPI Video Processing Library Universal components / Libraries / Software for developers Intel Open Image Denoise Universal components / Libraries / Software for developers Intel Open Volume Kernel Library Universal components / Libraries / Software for developers Intel OSPRay Universal components / Libraries / Software for developers Intel OSPRay Studio Universal components / Libraries / Software for developers Intel Trace Analyzer and Collector Universal components / Libraries / Software for developers Intel VTune Profiler for oneAPI Universal components / Libraries / Software for developers Intel Distribution for Python programming language Universal components / Libraries / Programming Languages & Components Intel Integrated Performance Primitives Universal components / Libraries / Libraries used by multiple products MPI Library Universal components / Libraries / Libraries used by multiple products Intel oneAPI Math Kernel Library Hardware solutions / Firmware Intel oneAPI Toolkits Hardware solutions / Firmware |
Vendor | Intel |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
EUVDB-ID: #VU79531
Risk: Low
CVSSv3.1: 5.2 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-27391
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper access restrictions. A local user can escalate privileges on the system.
Install updates from vendor's website.
Vulnerable software versionsIntel Advisor for oneAPI: before 2023.1
Intel CPU Runtime for OpenCL Applications: before 2023.1
Intel Distribution for Python programming language: before 2023.1
Intel DPC++ Compatibility Tool: before 2023.1
Intel Embree Ray Tracing Kernel Library: before 2023.1
Intel Fortran Compiler: before 2023.1
Intel Implicit SPMD Program Compiler: before 1.19.1
Intel Inspector for oneAPI: before 2023.1
Intel Integrated Performance Primitives: before 2021.8
Intel IPP Cryptography: before 2021.7.0
MPI Library: before 2021.9
Intel oneAPI Base Toolkit: before 2023.1
Intel oneAPI Data Analytics Library: before 2023.1
Intel oneAPI Deep Neural Network Library: before 2023.1
Intel oneAPI DPC++/C++ Compiler: before 2023.1
Intel oneAPI DPC++ Library (oneDPL): before 2022.1
Intel oneAPI HPC Toolkit: before 2023.1
Intel oneAPI IoT Toolkit: before 2023.1
Intel oneAPI Math Kernel Library: before 2023.1
Intel oneAPI Rendering Toolkit: before 2023.1
Intel oneAPI Threading Building Blocks: before 2021.9.0
Intel oneAPI Video Processing Library: before 2023.1
Intel Open Image Denoise: before 1.4.3
Intel Open Volume Kernel Library: before 2023.1
Intel OSPRay: before 2023.1
Intel OSPRay Studio: before 2023.1
Intel Trace Analyzer and Collector: before 2021.9.0
Intel VTune Profiler for oneAPI: before 2023.1
Intel oneAPI Toolkits: before 2023.1.0
CPE2.3http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00890.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU79532
Risk: Low
CVSSv3.1: 6.1 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-28823
CWE-ID:
CWE-426 - Untrusted Search Path
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to usage of an untrusted search path. A local user can place a malicious binary into a specific location on the system and execute arbitrary code with escalated privileges.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIntel Advisor for oneAPI: before 2023.1
Intel CPU Runtime for OpenCL Applications: before 2023.1
Intel Distribution for Python programming language: before 2023.1
Intel DPC++ Compatibility Tool: before 2023.1
Intel Embree Ray Tracing Kernel Library: before 2023.1
Intel Fortran Compiler: before 2023.1
Intel Implicit SPMD Program Compiler: before 1.19.1
Intel Inspector for oneAPI: before 2023.1
Intel Integrated Performance Primitives: before 2021.8
Intel IPP Cryptography: before 2021.7.0
MPI Library: before 2021.9
Intel oneAPI Base Toolkit: before 2023.1
Intel oneAPI Data Analytics Library: before 2023.1
Intel oneAPI Deep Neural Network Library: before 2023.1
Intel oneAPI DPC++/C++ Compiler: before 2023.1
Intel oneAPI DPC++ Library (oneDPL): before 2022.1
Intel oneAPI HPC Toolkit: before 2023.1
Intel oneAPI IoT Toolkit: before 2023.1
Intel oneAPI Math Kernel Library: before 2023.1
Intel oneAPI Rendering Toolkit: before 2023.1
Intel oneAPI Threading Building Blocks: before 2021.9.0
Intel oneAPI Video Processing Library: before 2023.1
Intel Open Image Denoise: before 1.4.3
Intel Open Volume Kernel Library: before 2023.1
Intel OSPRay: before 2023.1
Intel OSPRay Studio: before 2023.1
Intel Trace Analyzer and Collector: before 2021.9.0
Intel VTune Profiler for oneAPI: before 2023.1
Intel oneAPI Toolkits: before 2023.1.0
CPE2.3http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00890.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.