PT-2021-2103 · Intel · Intel(R) Fpga Opae Driver For Linux+1
Published
2021-02-09
·
Updated
2021-06-09
·
CVE-2020-24485
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
Intel(R) FPGA OPAE Driver for Linux versions prior to 4.17
Intel(R) Trace Analyzer and Collector versions prior to 2020 update 3
Description:
The issue is related to improper conditions check and uncontrolled search path, which may allow an authenticated user to potentially enable escalation of privilege via local access.
Recommendations:
For Intel(R) FPGA OPAE Driver for Linux versions prior to 4.17, update to kernel version 4.17 or later to resolve the issue.
For Intel(R) Trace Analyzer and Collector versions prior to 2020 update 3, update to version 2020 update 3 or later to resolve the issue.
As a temporary workaround, consider restricting local access to minimize the risk of exploitation.
Fix
Uncontrolled Search Path Element
Untrusted Search Path
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Intel(R) Fpga Opae Driver For Linux
Intel Trace Analyzer/Collector