Wiz
Vulnerability DatabaseCVE-2022-38136

CVE-2022-38136
Intel oneAPI DPC++/C++ Compiler vulnerability analysis and mitigation

Overview

An uncontrolled search path vulnerability was identified in the Intel(R) oneAPI DPC++/C++ Compiler for Windows and Intel Fortran Compiler for Windows before version 2022.2.1 for some Intel(R) oneAPI Toolkits before version 2022.3.1. This vulnerability could potentially allow an authenticated user to escalate privileges through local access (Intel Advisory).

Technical details

The vulnerability, tracked as CVE-2022-38136, affects Intel's compiler products, specifically the oneAPI DPC++/C++ Compiler and Fortran Compiler for Windows. The issue stems from an uncontrolled search path implementation that could be exploited by authenticated users with local access (Intel Advisory).

Impact

If successfully exploited, this vulnerability could enable an authenticated user to escalate privileges on the affected system through local access (Intel Advisory).

Mitigation and workarounds

Intel has addressed this vulnerability by releasing version 2022.2.1 of the oneAPI DPC++/C++ Compiler for Windows and Intel Fortran Compiler for Windows, as well as version 2022.3.1 of some Intel oneAPI Toolkits. Users are advised to update to these or later versions to mitigate the vulnerability (Intel Advisory).

Additional resources

SourceThis report was generated using AI

Related Intel oneAPI DPC++/C++ Compiler vulnerabilities:

CVE ID

Severity

Score

Technologies

Component name

CISA KEV exploit

Has fix

Published date

CVE-2023-35121HIGH7.8
  • Intel oneAPI DPC++/C++ CompilerIntel oneAPI DPC++/C++ Compiler
    		NoYesFeb 14, 2024
    CVE-2023-28823HIGH7.3
    • HomebrewHomebrew
    • cpe:2.3:a:intel:mpi_library
    		NoYesAug 11, 2023
    CVE-2023-27391MEDIUM6.7
    • HomebrewHomebrew
    • cpe:2.3:a:intel:oneapi_rendering_toolkit
    		NoYesAug 11, 2023
    CVE-2024-34165MEDIUM5.4
    • Intel oneAPI DPC++/C++ CompilerIntel oneAPI DPC++/C++ Compiler
    • cpe:2.3:a:intel:oneapi_dpc\+\+\/c\+\+_compiler
    		NoYesNov 13, 2024
    CVE-2024-23907MEDIUM5.4
    • Intel oneAPI DPC++/C++ CompilerIntel oneAPI DPC++/C++ Compiler
    • cpe:2.3:a:intel:oneapi_dpc\+\+\/c\+\+_compiler
    		NoYesAug 14, 2024

    Free Vulnerability Assessment

    Benchmark your Cloud Security Posture

    Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

    Request assessment

    Additional Wiz resources

    Cloud Vulnerability DB

    Cloud Vulnerability DB

    A community-led vulnerabilities database

    Cloud Threat Landscape

    Cloud Threat Landscape

    A threat intelligence database

    PEACH

    PEACH

    A tenant isolation framework

    Get a personalized demo

    Ready to see Wiz in action?

    "Best User Experience I have ever seen, provides full visibility to cloud workloads."
    David EstlickCISO
    "Wiz provides a single pane of glass to see what is going on in our cloud environments."
    Adam FletcherChief Security Officer
    "We know that if Wiz identifies something as critical, it actually is."
    Greg PoniatowskiHead of Threat and Vulnerability Management
    Get a demo