CVE-2023-27391

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-27391
Improper access control in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.1.493 may allow a privileged user to potentially enable escalation of privilege via local access.

6.7 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00890.html Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:intel:advisor_for_oneapi:*:*:*:*:*:*:*:*
cpe:2.3:a:intel:cpu_runtime_for_opencl_applications:*:*:*:*:*:*:*:*
cpe:2.3:a:intel:distribution_for_python_programming_language:*:*:*:*:*:*:*:*
cpe:2.3:a:intel:dpc\+\+_compatibility_tool:*:*:*:*:*:*:*:*
cpe:2.3:a:intel:embree_ray_tracing_kernel_library:*:*:*:*:*:*:*:*
cpe:2.3:a:intel:fortran_compiler:*:*:*:*:*:*:*:*
cpe:2.3:a:intel:implicit_spmd_program_compiler:*:*:*:*:*:*:*:*
cpe:2.3:a:intel:inspector_for_oneapi:*:*:*:*:*:*:*:*
cpe:2.3:a:intel:integrated_performance_primitives:*:*:*:*:*:*:*:*
cpe:2.3:a:intel:ipp_cryptography:*:*:*:*:*:*:*:*
cpe:2.3:a:intel:mpi_library:*:*:*:*:*:*:*:*
cpe:2.3:a:intel:oneapi_base_toolkit:*:*:*:*:*:*:*:*
cpe:2.3:a:intel:oneapi_data_analytics_library:*:*:*:*:*:*:*:*
cpe:2.3:a:intel:oneapi_deep_neural_network_library:*:*:*:*:*:*:*:*
cpe:2.3:a:intel:oneapi_dpc\+\+\/c\+\+_compiler:*:*:*:*:*:*:*:*
cpe:2.3:a:intel:oneapi_dpc\+\+_library_\(onedpl\):*:*:*:*:*:*:*:*
cpe:2.3:a:intel:oneapi_hpc_toolkit:*:*:*:*:*:*:*:*
cpe:2.3:a:intel:oneapi_iot_toolkit:*:*:*:*:*:*:*:*
cpe:2.3:a:intel:oneapi_math_kernel_library:*:*:*:*:*:*:*:*
cpe:2.3:a:intel:oneapi_rendering_toolkit:*:*:*:*:*:*:*:*
cpe:2.3:a:intel:oneapi_threading_building_blocks:*:*:*:*:*:*:*:*
cpe:2.3:a:intel:oneapi_toolkit_and_component_software_installer:*:*:*:*:*:*:*:*
cpe:2.3:a:intel:oneapi_video_processing_library:*:*:*:*:*:*:*:*
cpe:2.3:a:intel:open_image_denoise:*:*:*:*:*:*:*:*
cpe:2.3:a:intel:open_volume_kernel_library:*:*:*:*:*:*:*:*
cpe:2.3:a:intel:ospray:*:*:*:*:*:*:*:*
cpe:2.3:a:intel:ospray_studio:*:*:*:*:*:*:*:*
cpe:2.3:a:intel:trace_analyzer_and_collector:*:*:*:*:*:*:*:*
cpe:2.3:a:intel:vtune_profiler_for_oneapi:*:*:*:*:*:*:*:*
History

No history.

Information

Published : 2023-08-11 03:15

Updated : 2023-11-07 04:09

NVD link : CVE-2023-27391

Mitre link : CVE-2023-27391

CVE.ORG link : CVE-2023-27391

JSON object : View

Products Affected

intel

  • oneapi_math_kernel_library
  • embree_ray_tracing_kernel_library
  • cpu_runtime_for_opencl_applications
  • advisor_for_oneapi
  • oneapi_dpc\+\+_library_\(onedpl\)
  • oneapi_video_processing_library
  • mpi_library
  • vtune_profiler_for_oneapi
  • trace_analyzer_and_collector
  • oneapi_hpc_toolkit
  • oneapi_rendering_toolkit
  • distribution_for_python_programming_language
  • implicit_spmd_program_compiler
  • open_image_denoise
  • open_volume_kernel_library
  • ipp_cryptography
  • oneapi_base_toolkit
  • inspector_for_oneapi
  • oneapi_dpc\+\+\/c\+\+_compiler
  • oneapi_data_analytics_library
  • dpc\+\+_compatibility_tool
  • oneapi_threading_building_blocks
  • oneapi_deep_neural_network_library
  • integrated_performance_primitives
  • ospray
  • oneapi_toolkit_and_component_software_installer
  • ospray_studio
  • fortran_compiler
  • oneapi_iot_toolkit
CWE
NVD-CWE-noinfo CWE-284

Improper Access Control