Unrated severity · NVD Advisory · Published Feb 16, 2023 · Updated Jan 27, 2025

CVE-2022-26421

Description

Uncontrolled search path element in the Intel(R) oneAPI DPC++/C++ Compiler Runtime before version 2022.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

An uncontrolled search path in Intel oneAPI DPC++/C++ Compiler Runtime before version 2022.0 allows local privilege escalation for an authenticated user.

Vulnerability

An uncontrolled search path element exists in the Intel(R) oneAPI DPC++/C++ Compiler Runtime, affecting versions before 2022.0 [1]. The bug allows the runtime to load shared libraries from untrusted directories due to insufficient validation of the search path, which can be exploited by an attacker with local access and valid credentials.

Exploitation

An authenticated user with local access can exploit the vulnerability by placing a malicious dynamic-link library (DLL) or shared object in a directory that is part of the runtime's search path but is writable by the user. When the vulnerable version of the runtime is invoked by a privileged process (or in a context where it loads necessary components), it will load the attacker's payload instead of the legitimate library, leading to code execution in the context of the calling process.

Impact

Successful exploitation allows the attacker to execute arbitrary code with elevated privileges, leading to a complete escalation of privilege. This compromises confidentiality, integrity, and availability (CIA) on the affected system, as the attacker can gain administrative or system-level access [1].

Mitigation

Intel has released version 2022.0 of the oneAPI DPC++/C++ Compiler Runtime, which addresses the uncontrolled search path issue [1]. Users should update to version 2022.0 or later. There is no known workaround for earlier versions. The advisory does not indicate that the CVE is on the CISA Known Exploited Vulnerabilities (KEV) list.

References
  1. INTEL-SA-00674

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
