CVE-2023-35121
📋 TL;DR
This vulnerability in Intel oneAPI DPC++/C++ Compiler allows authenticated users with local access to potentially escalate privileges. It affects users of Intel oneAPI Toolkits before version 2022.3.1 who have the vulnerable compiler installed.
💻 Affected Systems
- Intel oneAPI DPC++/C++ Compiler
- Intel oneAPI Toolkits
📦 What is this software?
Advisor by Intel
Integrated Performance Primitives by Intel
⚠️ Risk & Real-World Impact
Worst Case
An authenticated attacker could gain root/system-level privileges on the affected system, potentially taking full control.
Likely Case
Privileged users could exploit this to gain higher privileges than intended, compromising system integrity.
If Mitigated
With proper access controls and least privilege principles, impact would be limited to the compromised user's scope.
🎯 Exploit Status
Exploitation requires local authenticated access and knowledge of the vulnerability.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Intel oneAPI DPC++/C++ Compiler 2022.2.1 or later, Intel oneAPI Toolkits 2022.3.1 or later
Vendor Advisory: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00988.html
Restart Required: No
Instructions:
1. Update to Intel oneAPI DPC++/C++ Compiler version 2022.2.1 or later.
2. Alternatively, update Intel oneAPI Toolkits to version 2022.3.1 or later.
3. Verify installation using the version check command.
🔧 Temporary Workarounds
Restrict Compiler Access
Linux: Limit access to the compiler to only trusted, necessary users using file permissions.
chmod 750 /opt/intel/oneapi/compiler/latest/linux/bin/*
chown root:trusted_group /opt/intel/oneapi/compiler/latest/linux/bin/*
Apply Least Privilege
All platforms: Ensure users don't have unnecessary local access or elevated privileges on systems with the vulnerable compiler.
🧯 If You Can't Patch
- Implement strict access controls to limit who can use the compiler locally
- Monitor for suspicious privilege escalation attempts and compiler usage patterns
🔍 How to Verify
Check if Vulnerable:
Check the compiler version with dpcpp --version or icpx --version and compare it to the vulnerable versions (compiler before 2022.2.1, toolkits before 2022.3.1).
Check Version:
dpcpp --version 2>/dev/null || icpx --version 2>/dev/null || echo "Check Intel oneAPI installation"
Verify Fix Applied:
Verify version is 2022.2.1 or higher for compiler, or 2022.3.1 or higher for toolkits.
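The comparison described above can be scripted. The following is an added example, not part of the vendor advisory or Intel tooling: it extracts the compiler version from a version banner and compares it numerically with the fixed compiler release 2022.2.1. The banner layout and the sample string are assumptions constructed for illustration, and the toolkit version (2022.3.1) is not checked here.

```shell
#!/bin/sh
# Added example: compare a compiler version banner with the fixed compiler
# release given in this advisory (2022.2.1). Banner layout is an assumption.
FIXED_COMPILER="2022.2.1"

# Print the first x.y.z version (four-digit year first) found in a banner.
extract_version() {
    printf '%s\n' "$1" | grep -Eo '[0-9]{4}\.[0-9]+\.[0-9]+' | head -n 1
}

# Succeed when version $1 >= version $2, comparing fields numerically.
version_ge() {
    old_ifs=$IFS; IFS=.
    set -- $1 $2            # now: $1 $2 $3 = first version, $4 $5 $6 = second
    IFS=$old_ifs
    if [ "$1" -ne "$4" ]; then [ "$1" -gt "$4" ]; return; fi
    if [ "$2" -ne "$5" ]; then [ "$2" -gt "$5" ]; return; fi
    [ "$3" -ge "$6" ]
}

# Print "patched <v>", "vulnerable <v>", or "unknown" for a banner string.
classify_banner() {
    v=$(extract_version "$1")
    if [ -z "$v" ]; then
        echo "unknown"
    elif version_ge "$v" "$FIXED_COMPILER"; then
        echo "patched $v"
    else
        echo "vulnerable $v"
    fi
}

# Constructed sample banner (not captured from a real installation).
SAMPLE='Intel(R) oneAPI DPC++/C++ Compiler 2022.2.0 (2022.2.0.20220730)'
echo "sample: $(classify_banner "$SAMPLE")"

# Live check using the same commands as the page's version check.
banner=$(dpcpp --version 2>/dev/null || icpx --version 2>/dev/null || true)
echo "installed: $(classify_banner "$banner")"
```

An "unknown" result means neither command produced a recognizable version, so the installation has to be checked by hand.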
📡 Detection & Monitoring
Log Indicators:
- Unusual compiler execution by non-developer users
- Privilege escalation attempts following compiler usage
Network Indicators:
- None - local access required
SIEM Query:
Process creation where parent process is dpcpp or icpx AND user privilege changes