Details of VAR-202302-1302

ID

VAR-202302-1302

CVE

CVE-2022-25905

TITLE

Intel's oneapi data analytics library Vulnerability regarding uncontrolled search path elements in

Trust: 0.8

sources: JVNDB: JVNDB-2022-019762

DESCRIPTION

Uncontrolled search path element in the Intel(R) oneAPI Data Analytics Library (oneDAL) before version 2021.5 for Intel(R) oneAPI Base Toolkit may allow an authenticated user to potentially enable escalation of privilege via local access. (DoS) It may be in a state

Trust: 1.8

sources: NVD: CVE-2022-25905 // JVNDB: JVNDB-2022-019762 // VULHUB: VHN-416697 // VULMON: CVE-2022-25905

AFFECTED PRODUCTS

vendor:	intel	model:	oneapi data analytics library	scope:	lt	version:	2021.5	Trust: 1.0
vendor:	インテル	model:	oneapi data analytics library	scope:	-	version:	-	Trust: 0.8
vendor:	インテル	model:	oneapi data analytics library	scope:	eq	version:	2021.5	Trust: 0.8
vendor:	インテル	model:	oneapi data analytics library	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-019762 // NVD: CVE-2022-25905

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-25905
value:	HIGH
Trust: 1.0
secure@intel.com:	CVE-2022-25905
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2022-25905
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202302-1410
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2022-25905
baseSeverity:	HIGH
baseScore:	7.3
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.3
impactScore:	5.9
version:	3.1
Trust: 1.0
secure@intel.com:	CVE-2022-25905
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	HIGH
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2022-25905
baseSeverity:	HIGH
baseScore:	7.3
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-019762 // CNNVD: CNNVD-202302-1410 // NVD: CVE-2022-25905 // NVD: CVE-2022-25905

PROBLEMTYPE DATA

problemtype:	CWE-427	Trust: 1.1
problemtype:	Uncontrolled search path elements (CWE-427) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-416697 // JVNDB: JVNDB-2022-019762 // NVD: CVE-2022-25905

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202302-1410

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202302-1410

PATCH

title:	Intel(R) oneAPI DPC++/C++ Compiler Fixes for code issue vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=227096	Trust: 0.6
title:	-	url:	https://github.com/Live-Hack-CVE/CVE-2022-25905	Trust: 0.1

sources: VULMON: CVE-2022-25905 // CNNVD: CNNVD-202302-1410

EXTERNAL IDS

db:	NVD	id:	CVE-2022-25905	Trust: 3.4
db:	JVN	id:	JVNVU91223897	Trust: 0.8
db:	JVNDB	id:	JVNDB-2022-019762	Trust: 0.8
db:	CNNVD	id:	CNNVD-202302-1410	Trust: 0.6
db:	VULHUB	id:	VHN-416697	Trust: 0.1
db:	VULMON	id:	CVE-2022-25905	Trust: 0.1

sources: VULHUB: VHN-416697 // VULMON: CVE-2022-25905 // JVNDB: JVNDB-2022-019762 // CNNVD: CNNVD-202302-1410 // NVD: CVE-2022-25905

REFERENCES

url:	http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00674.html	Trust: 2.6
url:	https://jvn.jp/vu/jvnvu91223897/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2022-25905	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-25905/	Trust: 0.6
url:	https://github.com/live-hack-cve/cve-2022-25905	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-416697 // VULMON: CVE-2022-25905 // JVNDB: JVNDB-2022-019762 // CNNVD: CNNVD-202302-1410 // NVD: CVE-2022-25905

SOURCES

db:	VULHUB	id:	VHN-416697
db:	VULMON	id:	CVE-2022-25905
db:	JVNDB	id:	JVNDB-2022-019762
db:	CNNVD	id:	CNNVD-202302-1410
db:	NVD	id:	CVE-2022-25905

LAST UPDATE DATE

2024-08-14T12:13:43.695000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-416697	date:	2023-02-28T00:00:00
db:	VULMON	id:	CVE-2022-25905	date:	2023-02-17T00:00:00
db:	JVNDB	id:	JVNDB-2022-019762	date:	2023-10-27T06:40:00
db:	CNNVD	id:	CNNVD-202302-1410	date:	2023-03-01T00:00:00
db:	NVD	id:	CVE-2022-25905	date:	2023-02-28T19:40:31.273

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-416697	date:	2023-02-16T00:00:00
db:	VULMON	id:	CVE-2022-25905	date:	2023-02-16T00:00:00
db:	JVNDB	id:	JVNDB-2022-019762	date:	2023-10-27T00:00:00
db:	CNNVD	id:	CNNVD-202302-1410	date:	2023-02-16T00:00:00
db:	NVD	id:	CVE-2022-25905	date:	2023-02-16T20:15:12.440