Intel Product Security Update Advisory

Overview

An update has been released to address vulnerabilities in Intel products. Users of the affected versions are advised to update to the latest version.

 

Affected Products

 

CVE-2024-28172

  • Intel® Trace Analyzer and Collector versions: before 2022.1
  • Intel® oneAPI HPC Toolkit versions: before 2024.1.0

 

CVE-2024-26027

  • Intel® Simics Package Manager Software versions: before 1.8.3

 

CVE-2024-28876

  • Intel® MPI Library versions: before 2021.12
  • Intel® oneAPI HPC Toolkit versions: before 2024.1

 

CVE-2024-23907

  • Intel® High Level Synthesis Compiler software versions: before 23.4
  • Intel® Quartus® Prime Pro Edition Design software versions: before 23.4
  • Intel® DPC++ C++ Compiler software versions: before 2024.1

 

CVE-2024-26025

  • Intel® Advisor software versions: before 2024.1
  • Intel® oneAPI Base Toolkit versions: before 2024.1

 

CVE-2024-28046

  • Intel® GPA software versions: before 2024.1

 

CVE-2024-23909

  • Intel® FPGA SDK for OpenCL™ software technology: all versions

 

 

Resolved Vulnerabilities

 

Uncontrolled search path in some Intel(R) Trace Analyzer and Collector software allows authenticated users to escalate privileges via local access (CVE-2024-28172)

Uncontrolled search path in some Intel(R) Simics Package Manager software allows an authenticated user to escalate privileges via local access (CVE-2024-26027)

Uncontrolled search path in some Intel(R) MPI Library software could allow an authenticated user to escalate privileges via local access (CVE-2024-28876)

Uncontrolled search path in some Intel(R) High Level Synthesis Compiler software allows an authenticated user to escalate privileges via local access (CVE-2024-23907)

Incorrect default privileges in some Intel(R) Advisor software could allow an authenticated user to escalate privileges via local access (CVE-2024-26025)

Uncontrolled search path in some Intel(R) GPA software could allow an authenticated user to escalate privileges via local access (CVE-2024-28046)

Uncontrolled search path in some Intel(R) FPGA SDKs allows an authenticated user to escalate privileges via local access (CVE-2024-23909)

 

Vulnerability Patches

 

The following product-specific vulnerability patches have been made available with the latest update. If you are using an affected version, please follow the instructions on the referenced sites to update to the latest patched version.

 

CVE-2024-28172

  • Intel® Trace Analyzer and Collector versions: 2022.1 or later
  • Intel® oneAPI HPC Toolkit versions: 2024.1.0 or later

 

CVE-2024-26027

  • Intel® Simics Package Manager Software versions: 1.8.3 or later

 

CVE-2024-28876

  • Intel® MPI Library versions: 2021.12 or later
  • Intel® oneAPI HPC Toolkit versions: 2024.1 or later

 

CVE-2024-23907

  • Intel® High Level Synthesis Compiler software versions: 23.4 or later
  • Intel® Quartus® Prime Pro Edition Design software versions: 23.4 or later
  • Intel® DPC++ C++ Compiler software versions: 2024.1 or later

 

CVE-2024-26025

  • Intel® Advisor software versions: 2024.1 or later
  • Intel® oneAPI Base Toolkit versions: 2024.1 or later

 

CVE-2024-28046

  • Intel® GPA software versions: 2024.1 or later

 

CVE-2024-23909

These products have been discontinued, and users of these products are advised to migrate to the Intel® FPGA Add-on for oneAPI Base Toolkit as soon as possible.

Updates are available for download at the following location.

Intel® FPGA Add-on for oneAPI Base Toolkit download:
https://www.intel.com/content/www/us/en/developer/tools/oneapi/fpga.html

 

References

[1] CVE-2024-28172 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-28172

[2] Intel® Trace Analyzer and Collector Software Advisory

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01117.html

[3] CVE-2024-26027 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-26027

[4] Intel® Simics Package Manager Software Advisory

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01116.html

[5] CVE-2024-28876 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-28876

[6] Intel® MPI Library Software Advisory

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01115.html

[7] CVE-2024-23907 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-23907

[8] Intel® High Level Synthesis Compiler Software Advisory

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01113.html

[9] CVE-2024-26025 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-26025

[10] Intel® Advisor Software Advisory

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01110.html

[11] CVE-2024-28046 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-28046

[12] Intel® GPA Software Advisory

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01105.html

[13] CVE-2024-23909 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-23909

[14] Intel® FPGA SDK for OpenCL™ Software Technology Advisory

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01104.html