Multiple vulnerabilities in Intel oneAPI Toolkit Software
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Improper access control
EUVDB-ID: #VU87125
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-35121
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions. A local user can bypass implemented security restrictions and gain elevated privileges on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIntel Cluster Checker: 2021.7.3
Intel Integrated Performance Primitives: 2021.9.0
Intel Distribution for Python: 2023.1
Intel oneAPI AI Analytics Toolkit: 2023.2
Intel Trace Analyzer and Collector: 2021.10.0
oneAPI DPC++/C++ Compiler: before 2023.2.1
Intel Advisor for oneAPI: before 2023.2.0
Intel Inspector for oneAPI: before 2023.2.0
Intel IPP Cryptography: before 2021.8.0
Intel MPI Library: before 2021.10.0
Intel oneAPI Base Toolkit: before 2023.2.0
Intel oneAPI Deep Neural Network Library: before 2023.2.0
Intel oneAPI HPC Toolkit: before 2023.2.0
Intel oneAPI IoT Toolkit: before 2023.2.0
Intel oneAPI Math Kernel Library: before 2023.2.0
Intel oneAPI Threading Building Blocks: before 2021.10.0
Intel VTune™ Profiler for oneAPI: before 2023.2.0
External linkshttp://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00988.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Buffer overflow
EUVDB-ID: #VU87127
Risk: Low
CVSSv3.1: 5.6 [CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-29162
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A local administrator can trigger memory corruption and execute arbitrary code on the target system with elevated privileges.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIntel Cluster Checker: 2021.7.3
Intel Integrated Performance Primitives: 2021.9.0
Intel Distribution for Python: 2023.1
Intel oneAPI AI Analytics Toolkit: 2023.2
Intel Trace Analyzer and Collector: 2021.10.0
Intel Advisor for oneAPI: before 2023.2.0
Intel Inspector for oneAPI: before 2023.2.0
Intel IPP Cryptography: before 2021.8.0
Intel MPI Library: before 2021.10.0
Intel oneAPI Base Toolkit: before 2023.2.0
Intel oneAPI Deep Neural Network Library: before 2023.2.0
Intel oneAPI HPC Toolkit: before 2023.2.0
Intel oneAPI IoT Toolkit: before 2023.2.0
Intel oneAPI Math Kernel Library: before 2023.2.0
Intel oneAPI Threading Building Blocks: before 2021.10.0
Intel VTune™ Profiler for oneAPI: before 2023.2.0
Intel C++ Compiler Classic: before 2021.8
External linkshttp://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00988.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
