Intel Driver & Support Assistant Link Following Local Privilege Escalation Vulnerability
Description
Intel Driver & Support Assistant Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Intel Driver & Support Assistant. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the DSA Service. By creating a symbolic link, an attacker can abuse the service to write a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-21845.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
CVE-2023-50197 is a local privilege escalation vulnerability in Intel Driver & Support Assistant, allowing an attacker to gain SYSTEM privileges via a symbolic link.
Vulnerability
CVE-2023-50197 is a local privilege escalation vulnerability in the Intel Driver & Support Assistant (DSA) service. The specific flaw resides within the DSA Service and can be triggered by creating a symbolic link, which the service follows to write a file. The vulnerability affects Intel Driver & Support Assistant; the exact affected versions are not disclosed in the available references [1].
Exploitation
An attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability. The attacker then creates a symbolic link that abusively causes the DSA Service to write a file to an unintended location, leveraging the service's high-integrity operations [1].
Impact
Successful exploitation allows the attacker to escalate privileges and execute arbitrary code in the context of SYSTEM, leading to complete compromise of the affected system [1].
Mitigation
As of the publication date (2024-05-03), no patch or fixed version has been announced in the available references. Users should monitor Intel's security advisories for updates. No workaround is provided in the referenced advisory [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2(expand)+ 1 more
- (no CPE)
- (no CPE)range: 23.3.25.6
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- www.zerodayinitiative.com/advisories/ZDI-23-1773/mitrex_research-advisory
News mentions
0No linked articles in our index yet.