SB2023031031 - Multiple vulnerabilities in Intel oneAPI Toolkits

Main Vulnerability Database SB2023031031

SB2023031031 - Multiple vulnerabilities in Intel oneAPI Toolkits

Published: March 10, 2023

Security Bulletin ID SB2023031031

Severity

High

Patch available

YES

Number of vulnerabilities 12

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 12 secuirty vulnerabilities.

1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-25987)

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to improper handling of Unicode encoding in source code to be compiled, which leads to security restrictions bypass and privilege escalation.

2) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-26843)

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to insufficient visual distinction of homoglyphs presented to user, which leads to security restrictions bypass and privilege escalation.

3) Insecure Inherited Permissions (CVE-ID: CVE-2022-25992)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to insecure inherited permissions, which leads to security restrictions bypass and privilege escalation.

4) Untrusted search path (CVE-ID: CVE-2022-26512)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to uncontrolled search path element, which leads to security restrictions bypass and privilege escalation.

5) Untrusted search path (CVE-ID: CVE-2022-26345)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to uncontrolled search path element, which leads to security restrictions bypass and privilege escalation.

6) Untrusted search path (CVE-ID: CVE-2022-26062)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to uncontrolled search path element, which leads to security restrictions bypass and privilege escalation.

7) Untrusted search path (CVE-ID: CVE-2022-25905)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to uncontrolled search path element, which leads to security restrictions bypass and privilege escalation.

8) Untrusted search path (CVE-ID: CVE-2022-26425)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to uncontrolled search path element, which leads to security restrictions bypass and privilege escalation.

9) Untrusted search path (CVE-ID: CVE-2022-26076)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to uncontrolled search path element, which leads to security restrictions bypass and privilege escalation.

10) Untrusted search path (CVE-ID: CVE-2022-26032)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to uncontrolled search path element, which leads to security restrictions bypass and privilege escalation.

11) Untrusted search path (CVE-ID: CVE-2022-26421)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to uncontrolled search path element, which leads to security restrictions bypass and privilege escalation.

12) Untrusted search path (CVE-ID: CVE-2022-26052)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to uncontrolled search path element, which leads to security restrictions bypass and privilege escalation.

Remediation

Install update from vendor's website.

References

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00674.html