CVE-2022-25987
📋 TL;DR
This vulnerability in Intel C++ Compiler Classic allows improper Unicode encoding handling during compilation, potentially enabling privilege escalation. It affects users of Intel oneAPI Toolkits before version 2022.2 who compile untrusted source code. An attacker could exploit this via network access to gain elevated privileges.
💻 Affected Systems
- Intel C++ Compiler Classic
- Intel oneAPI Toolkits
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise with root/admin privileges achieved through successful exploitation of the compiler vulnerability during build processes.
Likely Case
Privilege escalation in development/build environments where untrusted code is compiled, potentially leading to code execution in CI/CD pipelines.
If Mitigated
Limited impact if only trusted source code is compiled and network access to build systems is restricted.
🎯 Exploit Status
Exploitation requires crafting malicious source code with specific Unicode encoding that triggers the vulnerability during compilation.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Intel C++ Compiler Classic 2021.6 or later, Intel oneAPI Toolkits 2022.2 or later
Vendor Advisory: http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00674.html
Restart Required: No
Instructions:
1. Update Intel C++ Compiler Classic to version 2021.6 or later.
2. Update Intel oneAPI Toolkits to version 2022.2 or later.
3. Recompile any previously compiled code with the updated compiler.
🔧 Temporary Workarounds
Restrict compilation to trusted source
Only compile source code from trusted, verified sources to prevent malicious Unicode exploitation.
Network segmentation for build systems
Isolate build/compilation systems from untrusted networks and limit access to authorized users only.
🧯 If You Can't Patch
- Implement strict source code validation and scanning for Unicode anomalies before compilation
- Run compilation processes with minimal necessary privileges (non-root/non-admin accounts)
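One way to implement the Unicode-anomaly scan from the list above, as an added example that is not code from Intel's advisory or from this page. The advisory does not say which encoding triggers the flaw, so the character classes flagged here are an assumed general policy, and `scan_bytes` and `scan_tree` are hypothetical names.

```python
import sys
import unicodedata
from pathlib import Path

# Assumed policy (not from the advisory): characters that rarely belong in
# C/C++ source and should be reviewed before the file reaches the compiler.
BIDI_CONTROLS = set("\u202a\u202b\u202c\u202d\u202e\u2066\u2067\u2068\u2069\u200e\u200f")
INVISIBLES = set("\u200b\u200c\u200d\u2060\ufeff")  # zero-width characters, incl. BOM


def scan_bytes(data: bytes, allow_non_ascii: bool = False):
    """Return a list of (line, column, finding) tuples for one source file."""
    findings = []
    for lineno, raw in enumerate(data.split(b"\n"), start=1):
        try:
            text = raw.decode("utf-8", errors="strict")
        except UnicodeDecodeError as exc:
            # Strict decoding rejects truncated, overlong and surrogate sequences.
            findings.append((lineno, exc.start + 1, "invalid UTF-8 byte sequence"))
            continue
        for col, ch in enumerate(text, start=1):
            if ch in BIDI_CONTROLS:
                findings.append((lineno, col, f"bidi control U+{ord(ch):04X}"))
            elif ch in INVISIBLES:
                findings.append((lineno, col, f"invisible character U+{ord(ch):04X}"))
            elif unicodedata.category(ch) in ("Cc", "Cf", "Co", "Cn") and ch not in "\t\r\f\v":
                findings.append((lineno, col, f"control/unassigned U+{ord(ch):04X}"))
            elif ord(ch) > 0x7F and not allow_non_ascii:
                findings.append((lineno, col, f"non-ASCII U+{ord(ch):04X}"))
    return findings


def scan_tree(root, suffixes=(".c", ".cc", ".cpp", ".cxx", ".h", ".hpp")):
    """Scan every C/C++ file under root; return {path: findings} for flagged files."""
    report = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in suffixes:
            found = scan_bytes(path.read_bytes())
            if found:
                report[str(path)] = found
    return report


if __name__ == "__main__":
    report = scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".")
    for path, found in report.items():
        for line, col, what in found:
            print(f"{path}:{line}:{col}: {what}")
    sys.exit(1 if report else 0)  # non-zero exit fails the pre-compile gate
```

Run it as a pipeline step before the compiler is invoked; for invalid UTF-8 the reported column is a byte offset within the line.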
🔍 How to Verify
Check if Vulnerable:
Check the compiler version: icc --version or icx --version. If the version is earlier than 2021.6 for icc, or the compiler is part of oneAPI Toolkits earlier than 2022.2, the system is vulnerable.
Check Version:
icc --version # For Intel C++ Compiler Classic
Verify Fix Applied:
Verify compiler version is 2021.6 or later for Intel C++ Compiler Classic, or oneAPI Toolkits version is 2022.2 or later.
📡 Detection & Monitoring
Log Indicators:
- Unusual compilation errors related to Unicode/encoding
- Compilation processes running with unexpected privileges
- Network connections to build systems from unauthorized sources
Network Indicators:
- Unexpected network traffic to compilation/build system ports
- Source code transfers from untrusted sources to build systems
SIEM Query:
(process_name:"icc" OR process_name:"icx") AND (event_type:"process_start" OR event_type:"network_connection")