PT-2023-1615 · Intel · Intel Oneapi Toolkit+2

Chunyang Dai

Publicado

2023-01-10

Atualizado

2023-03-17

CVE-2022-38136

CVSS v3.1

7.3

Alta

Vetor

AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Intel(R) oneAPI DPC++/C++ Compiler for Windows versions prior to 2022.2.1 Intel(R) oneAPI Toolkits versions prior to 2022.3.1 Intel Fortran Compiler for Windows versions prior to 2022.2.1

Description The issue is related to an uncontrolled search path in the compiler, which may allow an authenticated user to potentially enable escalation of privilege via local access. This could potentially be exploited by an attacker to elevate their privileges.

Recommendations For Intel(R) oneAPI DPC++/C++ Compiler for Windows versions prior to 2022.2.1, update to version 2022.2.1 or later. For Intel(R) oneAPI Toolkits versions prior to 2022.3.1, update to version 2022.3.1 or later. For Intel Fortran Compiler for Windows versions prior to 2022.2.1, update to version 2022.2.1 or later.

Correção

Uncontrolled Search Path Element

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-427

Identificadores relacionados

BDU:2023-01124

CVE-2022-38136

Produtos afetados

Intel Fortran Compiler

Intel Oneapi Dpc++/C++ Compiler

Intel Oneapi Toolkit

PT-2023-1615 · Intel · Intel Oneapi Toolkit+2

CVE-2022-38136

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4