CVE-2023-35121

moderate-risk
Published 2024-02-14

Improper access control in the Intel(R) oneAPI DPC++/C++ Compiler before version 2022.2.1 for some Intel(R) oneAPI Toolkits before version 2022.3.1 may allow authenticated user to potentially enable escalation of privilege via local access.

Do I need to act?

-
0.11% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.8/10 High
LOCAL / HIGH complexity

Affected Products (18)

Advisor
Cluster Checker
Distribution For Python
Inspector
Integrated Performance Primitives
Integrated Performance Primitives Cryptography
Mpi Library
Oneapi Ai Analytics Toolkit
Oneapi Deep Neural Network
Oneapi Deep Neural Network
Oneapi Hpc Toolkit
Oneapi Iot Toolkit
Oneapi Math Kernel Library
Threading Building Blocks
Vtune Profiler

Affected Vendors

Intel

References (2)

Vendor Advisory https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00988....
Vendor Advisory https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00988....
39
/ 100
moderate-risk
Severity 20/34 · Moderate
Exploitability 0/34 · Minimal
Exposure 19/34 · Moderate