VYPR
← All advisories
Unrated severityNVD Advisory· Published Aug 11, 2023· Updated Oct 15, 2024

CVE-2023-28658

CVE-2023-28658

Description

Intel oneMKL before 2022.0 contains insecure inherited permissions that let a local authenticated user escalate privileges via local access.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Intel oneMKL before 2022.0 contains insecure inherited permissions that let a local authenticated user escalate privileges via local access.

Vulnerability

Insecure inherited permissions in some Intel(R) oneMKL software before version 2022.0 [1] may allow an authenticated user to potentially enable escalation of privilege via local access. The exact component and affected versions are described in the vendor advisory [1].

Exploitation

An attacker must have local access and be authenticated on the system where the affected Intel oneMKL software is installed [1]. No user interaction beyond being a local authenticated user is required. The specific attack steps involve leveraging the insecure inheritance of permissions to gain elevated privileges [1].

Impact

Successful exploitation could allow the attacker to gain escalation of privilege [1], meaning they could obtain higher-level access rights on the system than intended. The impact is limited to local access, and the vulnerability does not enable remote exploitation [1].

Mitigation

Intel has addressed the issue in oneMKL version 2022.0 or later [1]. Users should update to the fixed version to mitigate the vulnerability. No workaround is mentioned in the available references [1].

References
  1. INTEL-SA-00873

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • Oneapi Src/Onemklinferred2 versions
    <2022.0+ 1 more
    • (no CPE)range: <2022.0
    • (no CPE)range: <2022.0

Patches

0

No patches discovered yet.

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

1

News mentions

0

No linked articles in our index yet.