CVE-2024-23495

6.7 MEDIUM

📋 TL;DR

This vulnerability in Intel Distribution for GDB software allows authenticated local users to escalate privileges due to incorrect default permissions. Attackers could gain elevated system access by exploiting the misconfigured permissions. Only users running vulnerable versions of Intel's GDB distribution are affected.

💻 Affected Systems

Products:
  • Intel Distribution for GDB
Versions: All versions before 2024.0.1
Operating Systems: Linux, Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Intel's specialized GDB distribution, not standard GNU GDB. Requires local authenticated access to exploit.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Local authenticated attacker gains root/administrator privileges, enabling complete system compromise, data theft, and persistence establishment.

🟠 Likely Case

Privileged user or attacker with initial access escalates to higher privileges, potentially compromising sensitive development environments or build systems.

🟢 If Mitigated

With proper access controls and least privilege principles, impact is limited to specific development environments with minimal production exposure.

🌐 Internet-Facing: LOW - This is a local privilege escalation requiring authenticated access, not remotely exploitable.
🏢 Internal Only: MEDIUM - While requiring local access, development systems with vulnerable GDB installations could be compromised by malicious insiders or attackers with initial foothold.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation likely involves manipulating file permissions or executing privileged operations through the misconfigured GDB installation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2024.0.1 or later

Vendor Advisory: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01075.html

Restart Required: No

Instructions:

1. Download Intel Distribution for GDB version 2024.0.1 or later from Intel's website.
2. Uninstall previous vulnerable version.
3. Install the updated version following Intel's installation guide.

🔧 Temporary Workarounds

Adjust File Permissions (Linux)

Manually correct the incorrect default permissions on GDB installation files and directories:

chmod 755 /path/to/intel/gdb/bin/*
chown root:root /path/to/intel/gdb/bin/*

Restrict User Access (Linux)

Limit which users can access the Intel GDB installation directory:

chmod 750 /opt/intel/gdb
setfacl -m u:username:rx /opt/intel/gdb
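
Before and after applying the permission workarounds above, it helps to list exactly which files in the install tree are modifiable by non-root users. The following is an added example, not taken from Intel's advisory or tooling: the function name `audit_gdb_perms` and the `WRITABLE`/`OWNER` output labels are hypothetical, and the default path `/opt/intel/gdb` is the one assumed by the commands on this page.

```shell
#!/bin/sh
# Added example (not Intel's code): audit an Intel Distribution for GDB
# install tree for permissions that let non-root users alter its files.
#
# Usage: audit_gdb_perms [install_dir] [expected_owner_uid]
#   install_dir         defaults to /opt/intel/gdb (path assumed by this page)
#   expected_owner_uid  defaults to 0 (root)
# Output: one line per finding, "WRITABLE <path>" or "OWNER <path>".
# Return: 0 = no findings, 1 = findings printed, 2 = directory missing.
audit_gdb_perms() {
    dir=${1:-/opt/intel/gdb}
    owner_uid=${2:-0}

    if [ ! -d "$dir" ]; then
        echo "audit_gdb_perms: not a directory: $dir" >&2
        return 2
    fi

    findings=$(
        # Files and directories writable by group or others. Symlinks are
        # skipped because their own mode bits are not enforced on Linux.
        find "$dir" ! -type l \( -perm -020 -o -perm -002 \) -print |
            sed 's/^/WRITABLE /'
        # Anything not owned by the expected account (root by default).
        find "$dir" ! -user "$owner_uid" -print |
            sed 's/^/OWNER /'
    )

    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}
```

Run it as `audit_gdb_perms /opt/intel/gdb`; a non-zero return after the workaround has been applied means some path was missed by the `chmod`/`chown` globs.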

🧯 If You Can't Patch

  • Remove Intel Distribution for GDB from production systems and use standard GNU GDB instead
  • Implement strict access controls and monitor for privilege escalation attempts on systems with vulnerable installations

🔍 How to Verify

Check if Vulnerable:

Check Intel GDB version: /opt/intel/gdb/bin/gdb --version | grep 'Intel Distribution for GDB'

Check Version:

/opt/intel/gdb/bin/gdb --version | head -1

Verify Fix Applied:

Verify version is 2024.0.1 or later: /opt/intel/gdb/bin/gdb --version

📡 Detection & Monitoring

Log Indicators:

  • Unexpected privilege escalation events
  • GDB processes running with elevated privileges
  • File permission changes in Intel GDB directories

Network Indicators:

  • None - local-only vulnerability

SIEM Query:

process_name:"gdb" AND parent_process_name NOT IN ("bash", "zsh", "ssh", "terminal") AND user_change:true
