CVE-2023-35121

CWE-284 — Improper Access Control3 documents3 sources

Severity

7.8HIGH

EPSS

0.1%

top 71.24%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Intel Advisor Intel Inspector Intel Integrated Performance Primitives Cryptography +14 more

Timeline

PublishedFeb 14

Latest updateMar 28

Description

Improper access control in the Intel(R) oneAPI DPC++/C++ Compiler before version 2022.2.1 for some Intel(R) oneAPI Toolkits before version 2022.3.1 may allow authenticated user to potentially enable escalation of privilege via local access.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 1.1 | Impact: 6.0

Affected Packages17 packages

▶CVEListV5intel(r)_oneapi_dpc++/c++_compiler_softwarebefore version 2023.2.1

▶NVDintel/oneapi_base_toolkit< 2023.2+1

▶NVDintel/oneapi_deep_neural_network< 2023.2+1

▶NVDintel/oneapi_math_kernel_library< 2023.2

▶NVDintel/oneapi_hpc_toolkit2023.2

🔴Vulnerability Details

GHSA

GHSA-vpq8-9rj2-88fw: Improper access control in the Intel(R) oneAPI DPC++/C++ Compiler before version 2022↗2024-03-28

▶

CVEList

CVE-2023-35121: Improper access control in the Intel(R) oneAPI DPC++/C++ Compiler before version 2022↗2024-02-14

▶