CVE-2023-27391 | Severity.io

Description

Improper access control in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.1.493 may allow a privileged user to potentially enable escalation of privilege via local access.

Related CPE's

advisor_for_oneapi

Vulnerable

cpu_runtime_for_opencl_applications

Vulnerable

distribution_for_python_programming_language

Vulnerable

dpc\+\+_compatibility_tool

Vulnerable

embree_ray_tracing_kernel_library

Vulnerable

fortran_compiler

Vulnerable

implicit_spmd_program_compiler

Vulnerable

inspector_for_oneapi

Vulnerable

integrated_performance_primitives

Vulnerable

ipp_cryptography

Vulnerable

Vulnerable

oneapi_base_toolkit

Vulnerable

oneapi_data_analytics_library

Vulnerable

oneapi_deep_neural_network_library

Vulnerable

oneapi_dpc\+\+\/c\+\+_compiler

Vulnerable

oneapi_dpc\+\+_library_\(onedpl\)

Vulnerable

oneapi_hpc_toolkit

Vulnerable

oneapi_iot_toolkit

Vulnerable

oneapi_math_kernel_library

Vulnerable

oneapi_rendering_toolkit

Vulnerable

oneapi_threading_building_blocks

Vulnerable

oneapi_toolkit_and_component_software_installer

Vulnerable

oneapi_video_processing_library

Vulnerable

open_image_denoise

Vulnerable

open_volume_kernel_library

Vulnerable

Vulnerable

Vulnerable

trace_analyzer_and_collector

Vulnerable

vtune_profiler_for_oneapi

Vulnerable

References

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00890.html

Vendor Advisory

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00890.html

Vendor Advisory

Weaknesses

[email protected]

Secondary

CWE-284

[email protected]

Primary

NVD-CWE-noinfo

CVSS impact metrics

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

6.7 · Medium

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2023-08-11T01:15:21.893Z

2 years ago

Last modified

2024-11-21T06:52:48.887Z

1 year ago