Multiple vulnerabilities in Intel Distribution for GDB Software
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 4 |
| CVE-ID | CVE-2024-25562 CVE-2024-23491 CVE-2024-24973 CVE-2024-23495 |
| CWE-ID | CWE-119 CWE-426 CWE-20 CWE-276 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Intel Distribution for GDB Hardware solutions / Firmware Intel oneAPI Base Toolkit Universal components / Libraries / Software for developers |
| Vendor |
Security Bulletin
This security bulletin contains information about 4 vulnerabilities.
1) Buffer overflow
EUVDB-ID: #VU96039
Risk: Low
CVSSv3.1: 5.1 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-25562
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error. A local user can trigger memory corruption and cause a denial of service condition on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIntel Distribution for GDB: before 2024.0.1
Intel oneAPI Base Toolkit: before 2024.1
CPE2.3http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01075.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Untrusted search path
EUVDB-ID: #VU96044
Risk: Low
CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-23491
CWE-ID:
CWE-426 - Untrusted Search Path
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to usage of an untrusted search path. A local user can place a malicious binary into a specific location on the system and execute arbitrary code with escalated privileges.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIntel Distribution for GDB: before 2024.0.1
Intel oneAPI Base Toolkit: before 2024.1
CPE2.3http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01075.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Input validation error
EUVDB-ID: #VU96045
Risk: Low
CVSSv3.1: 2 [CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-24973
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A local user can pass specially crafted input to the application and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIntel Distribution for GDB: before 2024.0.1
Intel oneAPI Base Toolkit: before 2024.1
CPE2.3http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01075.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Incorrect default permissions
EUVDB-ID: #VU96046
Risk: Low
CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-23495
CWE-ID:
CWE-276 - Incorrect Default Permissions
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to incorrect default permissions. A local user can gain elevated privileges on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIntel Distribution for GDB: before 2024.0.1
Intel oneAPI Base Toolkit: before 2024.1
CPE2.3http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01075.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
