CVE-2022-26345

Vulnerability

An uncontrolled search path element exists in the Intel(R) oneAPI Toolkit OpenMP component prior to version 2022.1 [1]. This vulnerability occurs when the software searches for dynamic libraries in an unsafe order, allowing an attacker with local access to place a malicious DLL in a directory that is searched before the intended path. The affected versions are all releases before 2022.1.

Exploitation

An authenticated user with local access can exploit this vulnerability by placing a specially crafted library in a location that is searched by the vulnerable OpenMP component. When the component loads, it will inadvertently load the malicious library instead of the legitimate one. No additional privileges or user interaction beyond authentication is required, but the attacker must have write access to the target directory.

Impact

Successful exploitation leads to escalation of privilege. The attacker gains the ability to execute arbitrary code with the privileges of the vulnerable process, potentially achieving SYSTEM or administrator-level access. This could result in full compromise of the affected system.

Mitigation

Intel has addressed this issue in oneAPI Toolkit OpenMP version 2022.1 [1]. Users should update to this version or later. No workaround is available for earlier versions.