Details of VAR-202302-1447

ID

VAR-202302-1447

CVE

CVE-2022-26076

TITLE

Intel's oneapi deep neural network Vulnerability regarding uncontrolled search path elements in

Trust: 0.8

sources: JVNDB: JVNDB-2022-019756

DESCRIPTION

Uncontrolled search path element in the Intel(R) oneAPI Deep Neural Network (oneDNN) before version 2022.1 may allow an authenticated user to potentially enable escalation of privilege via local access. (DoS) It may be in a state

Trust: 1.8

sources: NVD: CVE-2022-26076 // JVNDB: JVNDB-2022-019756 // VULHUB: VHN-416844 // VULMON: CVE-2022-26076

AFFECTED PRODUCTS

vendor:	intel	model:	oneapi deep neural network	scope:	lt	version:	2022.1	Trust: 1.0
vendor:	インテル	model:	oneapi deep neural network	scope:	eq	version:	-	Trust: 0.8
vendor:	インテル	model:	oneapi deep neural network	scope:	-	version:	-	Trust: 0.8
vendor:	インテル	model:	oneapi deep neural network	scope:	eq	version:	2022.1	Trust: 0.8

sources: JVNDB: JVNDB-2022-019756 // NVD: CVE-2022-26076

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-26076
value:	HIGH
Trust: 1.0
secure@intel.com:	CVE-2022-26076
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2022-26076
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202302-1404
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2022-26076
baseSeverity:	HIGH
baseScore:	7.3
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.3
impactScore:	5.9
version:	3.1
Trust: 1.0
secure@intel.com:	CVE-2022-26076
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	HIGH
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2022-26076
baseSeverity:	HIGH
baseScore:	7.3
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-019756 // CNNVD: CNNVD-202302-1404 // NVD: CVE-2022-26076 // NVD: CVE-2022-26076

PROBLEMTYPE DATA

problemtype:	CWE-427	Trust: 1.1
problemtype:	Uncontrolled search path elements (CWE-427) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-416844 // JVNDB: JVNDB-2022-019756 // NVD: CVE-2022-26076

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202302-1404

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202302-1404

PATCH

title:	Intel OneApi Toolkits Fixes for code issue vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=227090	Trust: 0.6
title:	-	url:	https://github.com/Live-Hack-CVE/CVE-2022-26076	Trust: 0.1

sources: VULMON: CVE-2022-26076 // CNNVD: CNNVD-202302-1404

EXTERNAL IDS

db:	NVD	id:	CVE-2022-26076	Trust: 3.4
db:	JVN	id:	JVNVU91223897	Trust: 0.8
db:	JVNDB	id:	JVNDB-2022-019756	Trust: 0.8
db:	CNNVD	id:	CNNVD-202302-1404	Trust: 0.6
db:	VULHUB	id:	VHN-416844	Trust: 0.1
db:	VULMON	id:	CVE-2022-26076	Trust: 0.1

sources: VULHUB: VHN-416844 // VULMON: CVE-2022-26076 // JVNDB: JVNDB-2022-019756 // CNNVD: CNNVD-202302-1404 // NVD: CVE-2022-26076

REFERENCES

url:	http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00674.html	Trust: 2.6
url:	https://jvn.jp/vu/jvnvu91223897/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2022-26076	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-26076/	Trust: 0.6
url:	https://github.com/live-hack-cve/cve-2022-26076	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-416844 // VULMON: CVE-2022-26076 // JVNDB: JVNDB-2022-019756 // CNNVD: CNNVD-202302-1404 // NVD: CVE-2022-26076

SOURCES

db:	VULHUB	id:	VHN-416844
db:	VULMON	id:	CVE-2022-26076
db:	JVNDB	id:	JVNDB-2022-019756
db:	CNNVD	id:	CNNVD-202302-1404
db:	NVD	id:	CVE-2022-26076

LAST UPDATE DATE

2024-08-14T12:28:42.916000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-416844	date:	2023-02-28T00:00:00
db:	VULMON	id:	CVE-2022-26076	date:	2023-02-17T00:00:00
db:	JVNDB	id:	JVNDB-2022-019756	date:	2023-10-27T06:13:00
db:	CNNVD	id:	CNNVD-202302-1404	date:	2023-03-01T00:00:00
db:	NVD	id:	CVE-2022-26076	date:	2023-02-28T19:23:23.353

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-416844	date:	2023-02-16T00:00:00
db:	VULMON	id:	CVE-2022-26076	date:	2023-02-16T00:00:00
db:	JVNDB	id:	JVNDB-2022-019756	date:	2023-10-27T00:00:00
db:	CNNVD	id:	CNNVD-202302-1404	date:	2023-02-16T00:00:00
db:	NVD	id:	CVE-2022-26076	date:	2023-02-16T20:15:12.870