Sign-up

ID

VAR-202301-0871


CVE

CVE-2022-38136


TITLE

Intel(R) oneAPI DPC++/C++ Compiler Code problem vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202301-904

DESCRIPTION

Uncontrolled search path in the Intel(R) oneAPI DPC++/C++ Compiler for Windows and Intel Fortran Compiler for Windows before version 2022.2.1 for some Intel(R) oneAPI Toolkits before version 2022.3.1 may allow an authenticated user to potentially enable escalation of privilege via local access

Trust: 1.08

sources: NVD: CVE-2022-38136 // VULHUB: VHN-433974 // VULMON: CVE-2022-38136

AFFECTED PRODUCTS

vendor:intelmodel:oneapi dpc\+\+\/c\+\+ compilerscope:ltversion:2022.2.1

Trust: 1.0

sources: NVD: CVE-2022-38136

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-38136
value: HIGH

Trust: 1.0

secure@intel.com: CVE-2022-38136
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-202301-904
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2022-38136
baseSeverity: HIGH
baseScore: 7.3
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.3
impactScore: 5.9
version: 3.1

Trust: 1.0

secure@intel.com: CVE-2022-38136
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: CNNVD: CNNVD-202301-904 // NVD: CVE-2022-38136 // NVD: CVE-2022-38136

PROBLEMTYPE DATA

problemtype:CWE-427

Trust: 1.1

sources: VULHUB: VHN-433974 // NVD: CVE-2022-38136

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202301-904

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202301-904

PATCH

title:Intel(R) oneAPI DPC++/C++ Compiler Fixes for code issue vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=225278

Trust: 0.6

sources: CNNVD: CNNVD-202301-904

EXTERNAL IDS

db:NVDid:CVE-2022-38136

Trust: 1.8

db:AUSCERTid:ESB-2023.0147.2

Trust: 0.6

db:CNNVDid:CNNVD-202301-904

Trust: 0.6

db:VULHUBid:VHN-433974

Trust: 0.1

db:VULMONid:CVE-2022-38136

Trust: 0.1

sources: VULHUB: VHN-433974 // VULMON: CVE-2022-38136 // CNNVD: CNNVD-202301-904 // NVD: CVE-2022-38136

REFERENCES

url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00773.html

Trust: 1.8

url:https://cxsecurity.com/cveshow/cve-2022-38136/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2023.0147.2

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-433974 // VULMON: CVE-2022-38136 // CNNVD: CNNVD-202301-904 // NVD: CVE-2022-38136

SOURCES

db:VULHUBid:VHN-433974
db:VULMONid:CVE-2022-38136
db:CNNVDid:CNNVD-202301-904
db:NVDid:CVE-2022-38136

LAST UPDATE DATE

2024-08-14T14:30:47.489000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-433974date:2023-02-14T00:00:00
db:VULMONid:CVE-2022-38136date:2023-02-06T00:00:00
db:CNNVDid:CNNVD-202301-904date:2023-03-14T00:00:00
db:NVDid:CVE-2022-38136date:2023-03-17T00:15:11.027

SOURCES RELEASE DATE

db:VULHUBid:VHN-433974date:2023-02-06T00:00:00
db:VULMONid:CVE-2022-38136date:2023-02-06T00:00:00
db:CNNVDid:CNNVD-202301-904date:2023-01-11T00:00:00
db:NVDid:CVE-2022-38136date:2023-02-06T19:15:09.827