CVE-2023-28823
First published: Fri Aug 11 2023(Updated: )
Uncontrolled search path in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.1.493 may allow an authenticated user to potentially enable escalation of privilege via local access.
Credit: secure@intel.com secure@intel.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Intel Advisor For Oneapi | <2023.1 | |
| Intel Cpu Runtime For Opencl Applications | <2023.1 | |
| Intel Distribution For Python Programming Language | <2023.1 | |
| Intel Dpc\+\+ Compatibility Tool | <2023.1 | |
| Intel Embree Ray Tracing Kernel Library | <2023.1 | |
| Intel Fortran Compiler | <2023.1 | |
| Intel Implicit Spmd Program Compiler | <1.19.1 | |
| Intel Inspector For Oneapi | <2023.1 | |
| Intel Integrated Performance Primitives | <2021.8 | |
| Intel Ipp Cryptography | <2021.7.0 | |
| Intel MPI Library | <2021.9.0 | |
| Intel Oneapi Base Toolkit | <2023.1 | |
| Intel Oneapi Data Analytics Library | <2023.1 | |
| Intel Oneapi Deep Neural Network Library | <2023.1 | |
| Intel Oneapi Dpc\+\+\/c\+\+ Compiler | <2023.1 | |
| Intel Oneapi Dpc\+\+ Library \(onedpl\) | <2022.1 | |
| Intel Oneapi Hpc Toolkit | <2023.1 | |
| Intel Oneapi Iot Toolkit | <2023.1 | |
| Intel Oneapi Math Kernel Library | <2023.1 | |
| Intel Oneapi Rendering Toolkit | <2023.1 | |
| Intel Oneapi Threading Building Blocks | <2021.9.0 | |
| Intel Oneapi Toolkit And Component Software Installer | <4.3.1.493 | |
| Intel Oneapi Video Processing Library | <2023.1 | |
| Intel Open Image Denoise | <1.4.3 | |
| Intel Open Volume Kernel Library | <2023.1 | |
| Intel Ospray | <2023.1 | |
| Intel Ospray Studio | <2023.1 | |
| Intel Trace Analyzer and Collector | <2021.9.0 | |
| Intel Vtune Profiler For Oneapi | <2023.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2023-28823?
CVE-2023-28823 is a vulnerability that allows an authenticated user to potentially enable escalation of privilege via local access.
Which software is affected by CVE-2023-28823?
The following Intel(R) oneAPI Toolkit and component software installers are affected: Intel Advisor for OneAPI, Intel CPU Runtime for OpenCL Applications, Intel Distribution for Python Programming Language, Intel DPC++ Compatibility Tool, Intel Embree Ray Tracing Kernel Library, Intel Fortran Compiler, Intel Implicit SPMD Program Compiler, Intel Inspector for OneAPI, Intel Integrated Performance Primitives, Intel IPP Cryptography, Intel MPI Library, Intel OneAPI Base Toolkit, Intel OneAPI Data Analytics Library, Intel OneAPI Deep Neural Network Library, Intel OneAPI DPC++/C++ Compiler, Intel OneAPI DPC++ Library (oneDPL), Intel OneAPI HPC Toolkit, Intel OneAPI IoT Toolkit, Intel OneAPI Math Kernel Library, Intel OneAPI Rendering Toolkit, Intel OneAPI Threading Building Blocks, Intel OneAPI Toolkit and Component Software Installer, Intel OneAPI Video Processing Library, Intel Open Image Denoise, Intel Open Volume Kernel Library, Intel OSPRay, Intel OSPRay Studio, Intel Trace Analyzer and Collector, Intel VTune Profiler for OneAPI.
What is the severity of CVE-2023-28823?
The severity of CVE-2023-28823 is high with a CVSS score of 7.3.
How can an authenticated user exploit CVE-2023-28823?
An authenticated user can potentially enable escalation of privilege via local access.
Where can I find more information about CVE-2023-28823?
You can find more information about CVE-2023-28823 at the following reference: [Intel Security Advisory INTEL-SA-00890](http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00890.html)
- collector/nvd-api
- collector/nvd-index
- agent/event
- agent/type
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/intel
- canonical/intel advisor for oneapi
- canonical/intel cpu runtime for opencl applications
- canonical/intel distribution for python programming language
- canonical/intel dpc\+\+ compatibility tool
- canonical/intel embree ray tracing kernel library
- canonical/intel fortran compiler
- canonical/intel implicit spmd program compiler
- canonical/intel inspector for oneapi
- canonical/intel integrated performance primitives
- canonical/intel ipp cryptography
- canonical/intel mpi library
- canonical/intel oneapi base toolkit
- canonical/intel oneapi data analytics library
- canonical/intel oneapi deep neural network library
- canonical/intel oneapi dpc\+\+\/c\+\+ compiler
- canonical/intel oneapi dpc\+\+ library \(onedpl\)
- canonical/intel oneapi hpc toolkit
- canonical/intel oneapi iot toolkit
- canonical/intel oneapi math kernel library
- canonical/intel oneapi rendering toolkit
- canonical/intel oneapi threading building blocks
- canonical/intel oneapi toolkit and component software installer
- canonical/intel oneapi video processing library
- canonical/intel open image denoise
- canonical/intel open volume kernel library
- canonical/intel ospray
- canonical/intel ospray studio
- canonical/intel trace analyzer and collector
- canonical/intel vtune profiler for oneapi