Intel® oneAPI HPC Toolkit
Get help with building, analyzing, optimizing, and scaling high-performance computing (HPC) applications.
1986 Discussions

Regarding for CVE-2022-41342 of INTEL-SA-00773

N2020
Beginner
137 Views

According to the article at the following URL

URL:  https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00773.html


/---
CVEID: CVE-2022-41342
Description: Improper buffer restrictions the Intel(R) C++ Compiler Classic before version 2021.8 for some Intel(R) oneAPI Toolkits before version 2022.3.1 may allow a privileged user to potentially enable escalation of privilege via local access.
CVSS Base Score: 6.0 Medium
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L
---/

 

The Intel C++ Compiler Classic before 2021.8 for some Intel oneAPI Toolkits before 2022.3.1 is improper for CVE-2022-41342.
But Intel oneAPI Toolkits 2022.3.1 doesn't include the Intel C++ Compiler Classic 2021.8 but 2021.7.1.
On the other hand, oneAPI Toolkits 2023.0.0 includes Intel C++ Compiler Classic 2021.8.
Which version of oneAPI is fine for this problem (CVE-2022-41342)?

oneAPI 2022.3.1 or 2023.0.0?

 

 

0 Kudos
2 Replies
ShivaniK_Intel
Moderator
67 Views

Hi,


We are working on it and will get back to you soon.


Thanks & Regards

Shivani


ShivaniK_Intel
Moderator
20 Views

Hi,


 As a part of the overall Intel oneAPI 2023.0, HPC Toolkit 2023.0, includes all recent updates, that contain Intel® C++ Compiler Classic 2021.8 with the fix.


Thanks & Regards

Shivani  


Reply