Re:Regarding for CVE-2022-41342 of INTEL-SA-00773

N2020 · ‎01-24-2023

According to the article at the following URL

URL: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00773.html

/---
CVEID: CVE-2022-41342
Description: Improper buffer restrictions the Intel(R) C++ Compiler Classic before version 2021.8 for some Intel(R) oneAPI Toolkits before version 2022.3.1 may allow a privileged user to potentially enable escalation of privilege via local access.
CVSS Base Score: 6.0 Medium
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L
---/

The Intel C++ Compiler Classic before 2021.8 for some Intel oneAPI Toolkits before 2022.3.1 is improper for CVE-2022-41342.
But Intel oneAPI Toolkits 2022.3.1 doesn't include the Intel C++ Compiler Classic 2021.8 but 2021.7.1.
On the other hand, oneAPI Toolkits 2023.0.0 includes Intel C++ Compiler Classic 2021.8.
Which version of oneAPI is fine for this problem (CVE-2022-41342)?

oneAPI 2022.3.1 or 2023.0.0?

ShivaniK_Intel · ‎01-27-2023

Hi,

Thanks for posting in the Intel forums.

We are working on it and will get back to you soon.

Thanks & Regards

Shivani

ShivaniK_Intel · ‎01-30-2023

Hi,

As a part of the overall Intel oneAPI 2023.0, HPC Toolkit 2023.0, includes all recent updates, that contain Intel® C++ Compiler Classic 2021.8 with the fix.

Thanks & Regards

Shivani

ShivaniK_Intel · ‎02-08-2023

Hi,

As we did not hear back from you could you please let us know whether your issue is resolved or not?

Thanks & Regards

Shivani

ShivaniK_Intel · ‎02-16-2023

Hi,

I have not heard back from you. This thread will be no longer monitored by Intel. If you need further assistance, please post a new question.

Thanks & Regards

Shivani