Privilege Escalation Vulnerability in Intel Compilers for Windows
CVE-2022-38136

6.7MEDIUM

Key Information:

Vendor: Intel
Status: Intel(r) Oneapi Dpc++/c++ Compiler For Windows And Intelâ® Fortran Compiler For Windows Before Version 2022.2.1 For Some Intel(r) Oneapi Toolkits
Vendor: CVE Published:; 6 February 2023

What is CVE-2022-38136?

An uncontrolled search path vulnerability exists in the Intel oneAPI DPC++/C++ Compiler and Intel Fortran Compiler for Windows prior to version 2022.2.1, as well as in certain Intel oneAPI Toolkits before version 2022.3.1. This vulnerability may allow an authenticated user to escalate privileges through local access, potentially compromising system integrity and security.

Affected Version(s)

Intel(R) oneAPI DPC++/C++ Compiler for Windows and IntelÂ® Fortran Compiler for Windows before version 2022.2.1 for some Intel(R) oneAPI Toolkits Intel(R) oneAPI DPC++/C++ Compiler for Windows and IntelÂ® Fortran Compiler for Windows before version 2022.2.1 for some Intel(R) oneAPI Toolkits before version 2022.3.1

References

https://www.intel.com/content/www/us/en/security-center/a...

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 6, 2023
Vulnerability Reserved
Sep 27, 2022