CVE-2022-40196

Vulnerability

An improper access control vulnerability exists in the Intel(R) oneAPI DPC++/C++ Compiler before version 2022.2.1 and Intel C++ Compiler Classic before version 2021.7.1, which are components of some Intel(R) oneAPI Toolkits before version 2022.3.1 [1]. The vulnerability arises from insufficient enforcement of access controls during compiler operations, potentially allowing an authenticated user to bypass intended restrictions.

Exploitation

To exploit this vulnerability, an attacker must have local access to the system and be authenticated as a user [1]. No special privileges or user interaction beyond authentication is required. The attacker could execute crafted commands or use the compiler in a way that triggers the improper access control, leading to actions that should normally be restricted.

Impact

Successful exploitation could enable an authenticated attacker to escalate privileges locally [1], potentially gaining higher-level privileges than intended. This could lead to unauthorized access to sensitive resources, modification of system components, or full compromise of the affected system.

Mitigation

Intel has released fixed versions: Intel(R) oneAPI DPC++/C++ Compiler version 2022.2.1 and later, Intel C++ Compiler Classic version 2021.7.1 and later, and Intel(R) oneAPI Toolkits version 2022.3.1 and later [1]. Users should update their software to the latest available versions. If immediate patching is not possible, Intel recommends following security best practices for local access control and monitoring.