Intel ITT API Uncontrolled Search Path Vulnerability Allowing Privilege Escalation
Vulnerability
A vulnerability exists in the Intel Instrumentation and Tracing Technology API (ITT API) software prior to version 3.25.4, which may allow an escalation of privilege. This issue arises from an uncontrolled search path within user applications, potentially enabling an unprivileged, authenticated user to execute a complex attack that escalates privileges. The vulnerability requires local access, active user interaction, and does not demand special internal knowledge. It could significantly impact the system's confidentiality, integrity, and availability.
Impact
Exploitation of this vulnerability could lead to unauthorized privilege escalation, allowing a user to gain elevated rights or access within the system.
Remediation
Users are advised to update the ITT API software to version 3.25.4 or later. The latest version can be downloaded from the Intel ITT API GitHub releases page. Additionally, users of Intel oneAPI Toolkits, Intel HPC Toolkit, or Intel VTune Profiler should update to the latest versions available through the Intel oneAPI Toolkit download page.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.