Multiple vulnerabilities in Intel oneAPI Toolkit Software
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2023-35121 CVE-2023-29162 |
| CWE-ID | CWE-284 CWE-119 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Intel Cluster Checker Hardware solutions / Firmware Intel Distribution for Python Hardware solutions / Firmware Intel oneAPI AI Analytics Toolkit Hardware solutions / Firmware Intel oneAPI Math Kernel Library Hardware solutions / Firmware Intel VTune™ Profiler for oneAPI Hardware solutions / Firmware Intel C++ Compiler Classic Hardware solutions / Firmware Intel Integrated Performance Primitives Universal components / Libraries / Libraries used by multiple products MPI Library Universal components / Libraries / Libraries used by multiple products Intel Trace Analyzer and Collector Universal components / Libraries / Software for developers oneAPI DPC++/C++ Compiler Universal components / Libraries / Software for developers Intel Advisor for oneAPI Universal components / Libraries / Software for developers Intel Inspector for oneAPI Universal components / Libraries / Software for developers Intel IPP Cryptography Universal components / Libraries / Software for developers Intel oneAPI Base Toolkit Universal components / Libraries / Software for developers Intel oneAPI Deep Neural Network Library Universal components / Libraries / Software for developers Intel oneAPI HPC Toolkit Universal components / Libraries / Software for developers Intel oneAPI IoT Toolkit Universal components / Libraries / Software for developers Intel oneAPI Threading Building Blocks Universal components / Libraries / Software for developers |
| Vendor | Intel |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Improper access control
EUVDB-ID: #VU87125
Risk: Low
CVSSv4.0: 4.4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-35121
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions. A local user can bypass implemented security restrictions and gain elevated privileges on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIntel Cluster Checker: 2021.7.3
Intel Integrated Performance Primitives: 2021.9.0
Intel Distribution for Python: 2023.1
Intel oneAPI AI Analytics Toolkit: 2023.2
Intel Trace Analyzer and Collector: 2021.10.0
oneAPI DPC++/C++ Compiler: before 2023.2.1
Intel Advisor for oneAPI: before 2023.2.0
Intel Inspector for oneAPI: before 2023.2.0
Intel IPP Cryptography: before 2021.8.0
MPI Library: before 2021.10.0
Intel oneAPI Base Toolkit: before 2023.2.0
Intel oneAPI Deep Neural Network Library: before 2023.2.0
Intel oneAPI HPC Toolkit: before 2023.2.0
Intel oneAPI IoT Toolkit: before 2023.2.0
Intel oneAPI Math Kernel Library: before 2023.2.0
Intel oneAPI Threading Building Blocks: before 2021.10.0
Intel VTune™ Profiler for oneAPI: before 2023.2.0
CPE2.3- cpe:2.3:h:intel:intel_cluster_checker:2021.7.3:*:*:*:*:*:*:*
- cpe:2.3:a:intel:intel_integrated_performance_primitives:2021.9.0:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_distribution_for_python:2023.1:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_oneapi_ai_analytics_toolkit:2023.2:*:*:*:*:*:*:*
- cpe:2.3:a:intel:intel_trace_analyzer_and_collector:2021.10.0:*:*:*:*:*:*:*
- cpe:2.3:a:intel:oneapi_dpc_plus_plus_c_plus_plus_compiler:*:*:*:*:*:*:*:*
- cpe:2.3:a:intel:intel_advisor_for_oneapi:*:*:*:*:*:*:*:*
- cpe:2.3:a:intel:intel_inspector_for_oneapi:*:*:*:*:*:*:*:*
- cpe:2.3:a:intel:intel_ipp_cryptography:*:*:*:*:*:*:*:*
- cpe:2.3:a:intel:mpi_library:*:*:*:*:*:*:*:*
- cpe:2.3:a:intel:intel_oneapi_base_toolkit:*:*:*:*:*:*:*:*
- cpe:2.3:a:intel:intel_oneapi_deep_neural_network_library:*:*:*:*:*:*:*:*
- cpe:2.3:a:intel:intel_oneapi_hpc_toolkit:*:*:*:*:*:*:*:*
- cpe:2.3:a:intel:intel_oneapi_iot_toolkit:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:oneMKL:*:*:*:*:*:*:*:*
- cpe:2.3:a:intel:intel_oneapi_threading_building_blocks:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_vtune™_profiler_for_oneapi:*:*:*:*:*:*:*:*
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00988.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Buffer overflow
EUVDB-ID: #VU87127
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-29162
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A local administrator can trigger memory corruption and execute arbitrary code on the target system with elevated privileges.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIntel Cluster Checker: 2021.7.3
Intel Integrated Performance Primitives: 2021.9.0
Intel Distribution for Python: 2023.1
Intel oneAPI AI Analytics Toolkit: 2023.2
Intel Trace Analyzer and Collector: 2021.10.0
Intel Advisor for oneAPI: before 2023.2.0
Intel Inspector for oneAPI: before 2023.2.0
Intel IPP Cryptography: before 2021.8.0
MPI Library: before 2021.10.0
Intel oneAPI Base Toolkit: before 2023.2.0
Intel oneAPI Deep Neural Network Library: before 2023.2.0
Intel oneAPI HPC Toolkit: before 2023.2.0
Intel oneAPI IoT Toolkit: before 2023.2.0
Intel oneAPI Math Kernel Library: before 2023.2.0
Intel oneAPI Threading Building Blocks: before 2021.10.0
Intel VTune™ Profiler for oneAPI: before 2023.2.0
Intel C++ Compiler Classic: before 2021.8
CPE2.3- cpe:2.3:h:intel:intel_cluster_checker:2021.7.3:*:*:*:*:*:*:*
- cpe:2.3:a:intel:intel_integrated_performance_primitives:2021.9.0:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_distribution_for_python:2023.1:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_oneapi_ai_analytics_toolkit:2023.2:*:*:*:*:*:*:*
- cpe:2.3:a:intel:intel_trace_analyzer_and_collector:2021.10.0:*:*:*:*:*:*:*
- cpe:2.3:a:intel:intel_advisor_for_oneapi:*:*:*:*:*:*:*:*
- cpe:2.3:a:intel:intel_inspector_for_oneapi:*:*:*:*:*:*:*:*
- cpe:2.3:a:intel:intel_ipp_cryptography:*:*:*:*:*:*:*:*
- cpe:2.3:a:intel:mpi_library:*:*:*:*:*:*:*:*
- cpe:2.3:a:intel:intel_oneapi_base_toolkit:*:*:*:*:*:*:*:*
- cpe:2.3:a:intel:intel_oneapi_deep_neural_network_library:*:*:*:*:*:*:*:*
- cpe:2.3:a:intel:intel_oneapi_hpc_toolkit:*:*:*:*:*:*:*:*
- cpe:2.3:a:intel:intel_oneapi_iot_toolkit:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:oneMKL:*:*:*:*:*:*:*:*
- cpe:2.3:a:intel:intel_oneapi_threading_building_blocks:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_vtune™_profiler_for_oneapi:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_c_plus_plus_compiler_classic:*:*:*:*:*:*:*:*
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00988.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
