CVE-2023-22355

moderate-risk

Published 2023-05-10

Uncontrolled search path in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.0.251 may allow an authenticated user to potentially enable escalation of privilege via local access.

Do I need to act?

0.10% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 6.7/10 Medium

LOCAL / HIGH complexity

Affected Products (20)

Advisor

Cpu Runtime

Distribution For Python

Dpc\+\+ Compatibility Tool

Embree Ray Tracing Kernel Library

Fortran Compiler

Implicit Spmd Program Compiler

Inspector

Integrated Performance Primitives

Integrated Performance Primitives Cryptography

Mpi Library

Oneapi Base Toolkit

Oneapi Data Analytics Library

Oneapi Deep Neural Network Library

Oneapi Dpc\+\+\/C\+\+ Compiler

Oneapi Dpc\+\+ Library

Oneapi Hpc Toolkit

Oneapi Iot Toolkit

Oneapi Math Kernel Library

Affected Vendors

Intel

References (2)

Vendor Advisory https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00819....

/ 100

moderate-risk

Severity 17/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 22/34 · High