Permissions, Privileges, and Access Controls in oneAPI DPC++/C++ Compiler and Intel oneAPI Toolkits - CVE-2022-26843

 

Permissions, Privileges, and Access Controls in oneAPI DPC++/C++ Compiler and Intel oneAPI Toolkits - CVE-2022-26843

Published: March 9, 2023


Vulnerability identifier: #VU73213
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2022-26843
CWE-ID: CWE-264
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Intel
Affected software:
oneAPI DPC++/C++ Compiler
Intel oneAPI Toolkits

Detailed vulnerability description

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to insufficient visual distinction of homoglyphs presented to user, which leads to security restrictions bypass and privilege escalation.


How to mitigate CVE-2022-26843

Install updates from vendor's website.

Sources