CVE-2024-28952

Published: Nov 13, 2024Modified: Sep 2, 2025

5.4

Vector

CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Show more

CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: secure@intel.com (Secondary)

Description

Uncontrolled search path for some Intel(R) IPP software for Windows before version 2021.12.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

Affected (2)

Products: Intel: Integrated Performance Primitives, Oneapi Base Toolkit

2 products

Integrated Performance Primitives

Oneapi Base Toolkit

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Intel Integrated Performance Primitives	Before 2021.12.0

Running on/with	Platform Versions
Microsoft Windows	All versions

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Intel Oneapi Base Toolkit	Before 2024.2

Related CWEs

Uncontrolled Search Path Element

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

References (1)

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01140.html

Source: secure@intel.com

Vendor Advisory

Timeline

No history available yet.