Untrusted search path in Intel products - CVE-2024-26017

 

Untrusted search path in Intel products - CVE-2024-26017

Published: November 13, 2024


Vulnerability identifier: #VU100423
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-26017
CWE-ID: CWE-426
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Intel
Affected software:
Intel Rendering Toolkit
Intel Embree
Intel Open Path Guiding Library (Intel Open PGL)
Intel Open Image Denoise
Intel Open Volume Kernel Library
Intel OSPRay
Intel OSPRay Studio

Detailed vulnerability description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to usage of an untrusted search path. A local user can gain elevated privileges on the target system.


How to mitigate CVE-2024-26017

Install updates from vendor's website.

Sources