CVE-2023-28823

moderate-risk
Published 2023-08-11

Uncontrolled search path in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.1.493 may allow an authenticated user to potentially enable escalation of privilege via local access.

Do I need to act?

-
0.06% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.7/10 Medium
LOCAL / HIGH complexity

Affected Products (20)

Advisor For Oneapi
Cpu Runtime For Opencl Applications
Distribution For Python Programming Language
Dpc\+\+ Compatibility Tool
Embree Ray Tracing Kernel Library
Fortran Compiler
Implicit Spmd Program Compiler
Inspector For Oneapi
Integrated Performance Primitives
Ipp Cryptography
Mpi Library
Oneapi Data Analytics Library
Oneapi Deep Neural Network Library
Oneapi Dpc\+\+\/C\+\+ Compiler
Oneapi Dpc\+\+ Library \(Onedpl\)
Oneapi Hpc Toolkit
Oneapi Iot Toolkit
Oneapi Math Kernel Library
Oneapi Rendering Toolkit

Affected Vendors

Intel

References (2)

Vendor Advisory http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00890.h...
Vendor Advisory http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00890.h...
39
/ 100
moderate-risk
Severity 17/34 · Moderate
Exploitability 0/34 · Minimal
Exposure 22/34 · High