CVE-2024-21766

6.7 MEDIUM

📋 TL;DR

This vulnerability in Intel oneAPI Math Kernel Library allows authenticated local users to escalate privileges by manipulating the library search path. It affects systems running vulnerable versions of the software where an attacker has local access.

💻 Affected Systems

Products:
  • Intel oneAPI Math Kernel Library
Versions: All versions before 2024.1
Operating Systems: Linux, Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Requires local authenticated access to the system running the vulnerable software.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Local authenticated attacker gains full system administrator/root privileges, potentially compromising the entire system.

🟠 Likely Case

Local user with standard privileges escalates to higher privileges, allowing unauthorized access to sensitive data or system modifications.

🟢 If Mitigated

Attack fails due to proper access controls, privilege separation, or patched systems.

🌐 Internet-Facing: LOW - Requires local authenticated access, not remotely exploitable.
🏢 Internal Only: MEDIUM - Local authenticated users could exploit this, but requires initial access to the system.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires understanding of library search path manipulation and local system access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2024.1 or later

Vendor Advisory: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01072.html

Restart Required: No

Instructions:

  1. Download Intel oneAPI Math Kernel Library version 2024.1 or later from Intel's official website.
  2. Uninstall the vulnerable version.
  3. Install the patched version.
  4. Verify the installation.

🔧 Temporary Workarounds

Restrict library search paths

all

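Configure the system to restrict library search paths to trusted directories only. The commands below put the trusted directory first in the search order; entries already present in the variable remain in the search path, so review those as well.

Linux: export LD_LIBRARY_PATH=/trusted/path:$LD_LIBRARY_PATH
Windows: set PATH=C:\trusted\path;%PATH%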

Implement strict file permissions

all

Set restrictive permissions on directories where malicious libraries could be placed

Linux: chmod 755 /usr/local/lib
Windows: icacls C:\ProgramData /deny Users:(OI)(CI)W

🧯 If You Can't Patch

  • Implement principle of least privilege - restrict user access to only necessary functions
  • Monitor for suspicious library loading behavior and file creation in writable directories

🔍 How to Verify

Check if Vulnerable:

Check the installed version of Intel oneAPI Math Kernel Library; if it is earlier than 2024.1, the system is vulnerable.

Check Version:

Call the library's mkl_get_version function from a program linked against it (Linux/Windows), or check the installed packages via the package manager.

Verify Fix Applied:

Verify installed version is 2024.1 or later and test library loading functionality.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected library loading from non-standard paths
  • Process privilege escalation attempts
  • File creation in writable directories by non-admin users

Network Indicators:

  • Not applicable - local vulnerability only

SIEM Query:

Process where (ParentImage contains 'mkl' OR Image contains 'mkl') AND IntegrityLevel changed
