CVE-2023-28715

Vulnerability

An improper access control vulnerability exists in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.2 [1]. The issue arises from insufficient access controls during the installation process, which an authenticated user with local access can exploit to potentially cause a denial of service condition [1].

Exploitation

An attacker must have local access to the system and valid authentication credentials. No special privileges beyond standard user access are required. The exploitation involves taking advantage of the flawed access control mechanisms to disrupt the normal operation of the installer or related components, leading to a denial of service [1].

Impact

Successful exploitation results in a denial of service (DoS) condition, affecting the availability of the Intel oneAPI Toolkit or its components [1]. The impact is limited to local system availability; no data confidentiality or integrity compromise is described in the available references.

Mitigation

Intel has released Intel oneAPI Toolkit version 4.3.2 or later to address this issue [1]. Users are advised to update to the latest version to mitigate the vulnerability. There are no indications that this CVE is listed in the Known Exploited Vulnerabilities (KEV) catalog.