CVE-2024-23491: 
Intel oneAPI Base Toolkit vulnerability analysis and mitigation

An uncontrolled search path vulnerability was discovered in Intel(R) Distribution for GDB software affecting versions before 2024.0.1. The vulnerability was assigned CVE-2024-23491 and was publicly disclosed on August 14, 2024. This security issue affects Intel Distribution for GDB software and Intel oneAPI Base Toolkit software versions prior to 2024.1 (Intel Advisory).

The vulnerability is classified as CWE-427 (Uncontrolled Search Path Element). It received a CVSS v3.1 base score of 7.3 (HIGH) from NIST with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H, while Intel Corporation assessed it with a slightly lower score of 6.7 (MEDIUM) with the vector string CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H. Under CVSS v4.0, Intel assigned it a score of 5.4 (MEDIUM) (NVD).

The vulnerability could potentially enable escalation of privilege via local access when successfully exploited (Intel Advisory, NVD).

Users are advised to update to Intel Distribution for GDB software version 2024.0.1 or later, and Intel oneAPI Base Toolkit software version 2024.1 or later to address this vulnerability (ASEC).