CVE-2022-40196

7.8 HIGH

📋 TL;DR

This vulnerability allows authenticated users with local access to potentially escalate privileges on systems running affected Intel compiler versions. It affects users of Intel oneAPI DPC++/C++ Compiler before version 2022.2.1 and Intel C++ Compiler Classic before version 2021.7.1.

💻 Affected Systems

Products:
  • Intel oneAPI DPC++/C++ Compiler
  • Intel C++ Compiler Classic
Versions: oneAPI DPC++/C++ Compiler before 2022.2.1, C++ Compiler Classic before 2021.7.1
Operating Systems: Windows, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Affects Intel oneAPI Toolkits before version 2022.3.1 that include these compilers.

⚠️ Risk & Real-World Impact

🔴 Worst Case

An authenticated attacker could gain SYSTEM/root privileges and fully compromise the host system.

🟠 Likely Case

Privilege escalation from standard user to administrator/root access on the local system.

🟢 If Mitigated

No impact if proper access controls and patching are implemented.

🌐 Internet-Facing: LOW - Requires local authenticated access, not remotely exploitable.
🏢 Internal Only: HIGH - Local authenticated users could exploit this for privilege escalation.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires authenticated local access and knowledge of the vulnerability.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: oneAPI DPC++/C++ Compiler 2022.2.1+, C++ Compiler Classic 2021.7.1+

Vendor Advisory: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00773.html

Restart Required: Yes

Instructions:

1. Update to Intel oneAPI Toolkit version 2022.3.1 or later.
2. Update individual compilers to patched versions.
3. Restart affected systems.

🔧 Temporary Workarounds

Restrict local user access

all

Limit local user accounts and implement least privilege access controls.

Disable compiler services

all

Temporarily disable compiler services if not actively needed.

systemctl stop intel-compiler-services
sc stop "Intel Compiler Service"

🧯 If You Can't Patch

  • Implement strict access controls and limit local user privileges
  • Monitor for suspicious privilege escalation attempts and compiler service activity

🔍 How to Verify

Check if Vulnerable:

Check compiler version: icpx --version or icc --version

Check Version:

icpx --version 2>&1 | head -1

Verify Fix Applied:

Verify version is 2022.2.1+ for DPC++/C++ or 2021.7.1+ for Classic
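The version check above can be scripted so that it compares each field numerically against the fixed releases listed on this page. This is an added example, not Intel's or this page's tooling; the function names are hypothetical and it assumes the `--version` output carries the release as its first dotted X.Y.Z token.

```shell
#!/bin/sh
# Fixed versions as listed on this page.
FIXED_DPCPP="2022.2.1"    # oneAPI DPC++/C++ Compiler (icpx)
FIXED_CLASSIC="2021.7.1"  # C++ Compiler Classic (icc)

# extract_version TEXT: print the first X.Y.Z token found in TEXT.
# Assumption: the --version banner carries the release as its first dotted triple.
extract_version() {
    printf '%s\n' "$1" | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+' | head -n 1
}

# version_ge A B: succeed when A >= B, comparing each field numerically
# (so 2021.10.0 sorts after 2021.7.1, which a string compare gets wrong).
version_ge() {
    i=1
    while [ "$i" -le 3 ]; do
        x=$(printf '%s' "$1" | cut -d. -f"$i")
        y=$(printf '%s' "$2" | cut -d. -f"$i")
        [ "${x:-0}" -gt "${y:-0}" ] && return 0
        [ "${x:-0}" -lt "${y:-0}" ] && return 1
        i=$((i + 1))
    done
    return 0
}

# check_banner PRODUCT TEXT: print PATCHED, VULNERABLE or UNKNOWN.
check_banner() {
    case "$1" in
        dpcpp)   fixed=$FIXED_DPCPP ;;
        classic) fixed=$FIXED_CLASSIC ;;
        *)       echo UNKNOWN; return 0 ;;
    esac
    ver=$(extract_version "$2")
    if [ -z "$ver" ]; then echo UNKNOWN
    elif version_ge "$ver" "$fixed"; then echo PATCHED
    else echo VULNERABLE
    fi
}

# check_installed PRODUCT COMMAND: check a compiler on PATH, if present.
check_installed() {
    command -v "$2" >/dev/null 2>&1 || { echo NOT_INSTALLED; return 0; }
    check_banner "$1" "$("$2" --version 2>&1)"
}

echo "icpx: $(check_installed dpcpp icpx)"
echo "icc:  $(check_installed classic icc)"
# Constructed sample banner, not captured from a real install:
echo "sample: $(check_banner dpcpp 'Intel(R) oneAPI DPC++/C++ Compiler 2022.2.0 (2022.2.0.20220730)')"
```

An UNKNOWN result means no version could be parsed and the host should be checked by hand rather than treated as patched.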

📡 Detection & Monitoring

Log Indicators:

  • Unexpected privilege escalation events
  • Compiler service access by non-admin users

Network Indicators:

  • Local privilege escalation attempts

SIEM Query:

EventID=4672 (special privileges assigned to new logon) OR EventID=4688 (process creation) on Windows, filtered to compiler process names
