Vulnerability DatabaseCVE-2023-41091

CVE-2023-41091:
Intel MPI Library vulnerability analysis and mitigation

Overview

CVE-2023-41091 affects Intel(R) MPI Library Software versions before 2021.11. The vulnerability was disclosed on February 14, 2024, and involves an uncontrolled search path element that could potentially enable privilege escalation. The vulnerability specifically impacts authenticated users who have local access to systems running the affected versions of Intel MPI Library Software (Intel Advisory).

Technical details

The vulnerability is classified as an Uncontrolled Search Path Element (CWE-427) issue. It has received a CVSS v3.1 base score of 7.8 (HIGH) from NIST with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, while Intel Corporation assessed it with a score of 6.7 (MEDIUM) and vector string CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H (NVD).

Impact

If exploited, this vulnerability could allow an authenticated user with local access to escalate their privileges on the affected system. The high CVSS scores indicate potential severe impacts on system confidentiality, integrity, and availability (Intel Advisory).

Mitigation and workarounds

Users should upgrade to Intel(R) MPI Library Software version 2021.11 or later to address this vulnerability (Intel Advisory).

Additional resources

Source: This report was generated using AI

Related Intel MPI Library vulnerabilities:

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2023-41091	HIGH	7.8	Intel MPI Library	cpe:2.3:a:intel:mpi_library	No	Yes	Feb 14, 2024
CVE-2023-35121	HIGH	7.8	Intel oneAPI DPC++/C++ Compiler	cpe:2.3:a:intel:advisor	No	Yes	Feb 14, 2024
CVE-2023-27383	MEDIUM	6.8	Intel oneAPI Base Toolkit	cpe:2.3:a:intel:advisor	No	Yes	Nov 14, 2023
CVE-2023-29162	MEDIUM	6	Intel oneAPI Base Toolkit	cpe:2.3:a:intel:advisor	No	Yes	Feb 14, 2024
CVE-2024-28876	MEDIUM	5.4	Intel MPI Library	cpe:2.3:a:intel:mpi_library	No	Yes	Aug 14, 2024