CVE-2024-29015: 
Intel oneAPI Base Toolkit vulnerability analysis and mitigation

An uncontrolled search path vulnerability was discovered in Intel VTune Profiler software versions prior to 2024.1. The vulnerability was assigned CVE-2024-29015 and was publicly disclosed on August 14, 2024. This security flaw affects Intel VTune Profiler and Intel OneAPI Base Toolkit software installations (Intel Advisory).

The vulnerability is classified as CWE-427 (Uncontrolled Search Path Element). According to the CVSS 3.1 scoring system, it received a base score of 7.8 (HIGH) from NIST with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. Intel Corporation assessed it with a slightly lower CVSS 3.1 score of 6.7 (MEDIUM) with the vector string CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H (NVD).

The vulnerability could potentially enable escalation of privilege when exploited via local access. The high CVSS scores indicate significant potential impact on the confidentiality, integrity, and availability of the affected system (NVD).

Intel has addressed this vulnerability in VTune Profiler version 2024.1. Users are advised to upgrade to this version or later to mitigate the security risk (Intel Advisory).