CVE-2023-29162

Vulnerability

An improper buffer restrictions vulnerability exists in the Intel(R) C++ Compiler Classic before version 2021.8 for Intel(R) oneAPI Toolkits before version 2022.3.1 [1]. The issue resides in how the compiler handles certain buffer operations, potentially allowing memory corruption under specific conditions that require local access and elevated privileges [1].

Exploitation

An attacker must have local access to the system and already possess sufficient privileges (e.g., a user account with limited administrative rights) to trigger the vulnerable code path [1]. The exploitation sequence involves manipulating inputs to the compiler in a way that bypasses buffer size checks, leading to a memory corruption condition [1].

Impact

Successful exploitation could allow an attacker to escalate their privileges on the affected system [1]. The exact level of compromise depends on the execution context, but the vulnerability is rated as high severity (CVSS 7.8) [1].

Mitigation

Intel has released Intel(R) C++ Compiler Classic version 2021.8 as part of Intel(R) oneAPI Toolkits version 2022.3.1 to address this issue [1]. Users should update to these fixed versions. No workaround is documented in the available reference [1].