Severity
Medium
Analysis Summary
CVE-2023-40155 CVSS:6.7
Intel CST Software could allow a local authenticated attacker to gain elevated privileges on the system, caused by an uncontrolled search path. An authenticated attacker could exploit this vulnerability to gain elevated privileges.
CVE-2024-22379 CVSS:6.7
Intel Inspector Software could allow a local authenticated attacker to gain elevated privileges on the system, caused by an uncontrolled search path. An authenticated attacker could exploit this vulnerability to gain elevated privileges.
CVE-2023-41082 CVSS:4.4
Intel CST Software is vulnerable to a denial of service, caused by a NULL pointer dereference flaw. A local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVE-2024-21777 CVSS:6.7
Intel Quartus Prime Software could allow a local authenticated attacker to gain elevated privileges on the system, caused by an uncontrolled search path. An authenticated attacker could exploit this vulnerability to gain elevated privileges.
CVE-2023-43487 CVSS:4.7
Intel CST Software is vulnerable to a denial of service, caused by improper access control. A local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVE-2024-21823 CVSS:3.6
Intel DSA and IAA are vulnerable to a denial of service, caused by a hardware logic with insecure de-synchronization. A local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVE-2024-21788 CVSS:6.7
Intel GPA Framework Software could allow a local authenticated attacker to gain elevated privileges on the system, caused by an uncontrolled search path. An authenticated attacker could exploit this vulnerability to gain elevated privileges.
CVE-2024-21818 CVSS:6.7
Intel PCM Software could allow a local authenticated attacker to gain elevated privileges on the system, caused by an uncontrolled search path. An authenticated attacker could exploit this vulnerability to gain elevated privileges.
CVE-2023-45743 CVSS:6.7
Intel DSA Software Uninstaller could allow a local authenticated attacker to gain elevated privileges on the system, caused by an uncontrolled search path. An authenticated attacker could exploit this vulnerability to gain elevated privileges.
Impact
- Privilege Escalation
- Denial of Service
Indicators of Compromise
CVE
- CVE-2023-40155
- CVE-2024-22379
- CVE-2023-41082
- CVE-2024-21777
- CVE-2023-43487
- CVE-2024-21823
- CVE-2024-21788
- CVE-2024-21818
- CVE-2023-45743
Affected Vendors
Affected Products
- Intel MPI Library
- Intel Quartus Prime Lite Edition Design Software 23.0
- Intel CST Software 2.1
- Intel Inspector Software
- Intel HPC Toolkit Software
- Intel DSA Transparent Offload Library (DTO) 1.0
- Intel Query Processing Library (QPL) 1.5.0
- OpenFabrics Interfaces Working Group libfabric 1.21.0
- Intel Data Streaming Accelerator
- Intel Analytics Accelerator 1.0
- Intel GPA software 2023.3
- Intel PCM Software 202310
- Intel DSA Software Uninstaller 23.4
- Storage Performance Development Kit Storage Performance Development Kit 24.01
Remediation
Refer to Intel Security Advisory for patch, upgrade or suggested workaround information.