#VU79532 Untrusted search path in Intel products - CVE-2023-28823
Published: August 15, 2023
Vulnerability identifier: #VU79532
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2023-28823
CWE-ID: CWE-426
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Intel Advisor for oneAPI
Intel CPU Runtime for OpenCL Applications
Intel DPC++ Compatibility Tool
Intel Embree Ray Tracing Kernel Library
Intel Fortran Compiler
Intel Implicit SPMD Program Compiler
Intel Inspector for oneAPI
Intel IPP Cryptography
Intel oneAPI Base Toolkit
Intel oneAPI Data Analytics Library
Intel oneAPI Deep Neural Network Library
Intel oneAPI DPC++/C++ Compiler
Intel oneAPI DPC++ Library (oneDPL)
Intel oneAPI HPC Toolkit
Intel oneAPI IoT Toolkit
Intel oneAPI Rendering Toolkit
Intel oneAPI Threading Building Blocks
Intel oneAPI Video Processing Library
Intel Open Image Denoise
Intel Open Volume Kernel Library
Intel OSPRay
Intel OSPRay Studio
Intel Trace Analyzer and Collector
Intel VTune Profiler for oneAPI
Intel Distribution for Python programming language
Intel Integrated Performance Primitives
MPI Library
Intel oneAPI Math Kernel Library
Intel oneAPI Toolkits
Intel Advisor for oneAPI
Intel CPU Runtime for OpenCL Applications
Intel DPC++ Compatibility Tool
Intel Embree Ray Tracing Kernel Library
Intel Fortran Compiler
Intel Implicit SPMD Program Compiler
Intel Inspector for oneAPI
Intel IPP Cryptography
Intel oneAPI Base Toolkit
Intel oneAPI Data Analytics Library
Intel oneAPI Deep Neural Network Library
Intel oneAPI DPC++/C++ Compiler
Intel oneAPI DPC++ Library (oneDPL)
Intel oneAPI HPC Toolkit
Intel oneAPI IoT Toolkit
Intel oneAPI Rendering Toolkit
Intel oneAPI Threading Building Blocks
Intel oneAPI Video Processing Library
Intel Open Image Denoise
Intel Open Volume Kernel Library
Intel OSPRay
Intel OSPRay Studio
Intel Trace Analyzer and Collector
Intel VTune Profiler for oneAPI
Intel Distribution for Python programming language
Intel Integrated Performance Primitives
MPI Library
Intel oneAPI Math Kernel Library
Intel oneAPI Toolkits
Software vendor:
Intel
Intel
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to usage of an untrusted search path. A local user can place a malicious binary into a specific location on the system and execute arbitrary code with escalated privileges.
Remediation
Install updates from vendor's website.