CVE-2024-29015

6.7 MEDIUM

📋 TL;DR

This vulnerability in Intel VTune Profiler allows authenticated local users to escalate privileges by manipulating the software's search path. It affects users running vulnerable versions of VTune Profiler on systems where local users have access. The issue stems from uncontrolled DLL/component loading.

💻 Affected Systems

Products:
  • Intel VTune Profiler
Versions: All versions before 2024.1
Operating Systems: Windows, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Requires local authenticated access; not exploitable remotely.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Local authenticated attacker gains SYSTEM/root privileges, enabling complete system compromise, data theft, and persistence.

🟠 Likely Case

Local user with standard privileges gains administrative rights, potentially installing malware or accessing restricted data.

🟢 If Mitigated

With proper access controls and patching, risk is limited to authorized users only, reducing impact significantly.

🌐 Internet-Facing: LOW
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local access and basic knowledge of DLL hijacking/search path manipulation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2024.1 or later

Vendor Advisory: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01122.html

Restart Required: Yes

Instructions:

1. Download VTune Profiler 2024.1 or newer from Intel's website.
2. Uninstall previous version.
3. Install new version.
4. Restart system.

🔧 Temporary Workarounds

Restrict local user access

all

Limit which local users can run VTune Profiler to reduce attack surface.

Remove vulnerable versions

all

Uninstall VTune Profiler if not needed or until patched.

🧯 If You Can't Patch

  • Restrict VTune Profiler execution to trusted administrators only
  • Monitor for suspicious process creation or privilege escalation attempts

🔍 How to Verify

Check if Vulnerable:

Check VTune Profiler version via Help > About in GUI or 'amplxe-cl -version' in terminal.

Check Version:

amplxe-cl -version

Verify Fix Applied:

Confirm version is 2024.1 or higher using same methods.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected VTune Profiler process execution by non-admin users
  • Privilege escalation events in Windows Event Log or Linux audit logs

Network Indicators:

  • None - local attack only

SIEM Query:

Process creation where parent process contains 'vtune' or 'amplxe' and user privilege changes observed
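The SIEM query above, written out as detection logic over process-creation events. This is an added example, not code from Intel or from this advisory; the event schema, field names, privilege levels, paths and sample events are all constructed for illustration.

```python
# Added example: schema, paths and events are constructed, not taken from any product.
WATCHED = ("vtune", "amplxe")  # substrings named in the SIEM query above
RANK = {"low": 0, "medium": 1, "high": 2, "system": 3}  # hypothetical normalized levels

# Constructed process-creation events (hypothetical field names).
SAMPLE_EVENTS = [
    {"pid": 4100, "image": r"C:\tools\vtune\bin64\amplxe-cl.exe", "parent_image": r"C:\tools\vtune\bin64\vtune-gui.exe",
     "user": "CORP\\alice", "parent_user": "CORP\\alice", "integrity": "medium", "parent_integrity": "medium"},
    {"pid": 4188, "image": r"C:\Windows\System32\cmd.exe", "parent_image": r"C:\tools\vtune\bin64\amplxe-cl.exe",
     "user": "NT AUTHORITY\\SYSTEM", "parent_user": "CORP\\alice", "integrity": "system", "parent_integrity": "medium"},
    {"pid": 5020, "image": r"C:\Windows\System32\mmc.exe", "parent_image": r"C:\Windows\explorer.exe",
     "user": "CORP\\alice", "parent_user": "CORP\\alice", "integrity": "high", "parent_integrity": "medium"},
    {"pid": 4321, "image": r"C:\tools\vtune\bin64\helper.exe", "parent_image": r"C:\tools\vtune\bin64\vtune-gui.exe",
     "user": "CORP\\alice", "parent_user": "CORP\\alice", "integrity": "high", "parent_integrity": "medium"},
    {"pid": 912, "image": "/bin/sh", "parent_image": "/opt/tools/vtune/bin64/vtune-backend",
     "user": "root", "parent_user": "bob", "integrity": "system", "parent_integrity": "medium"},
]

def flag_escalations(events):
    """Return (pid, reasons) for children of VTune-related parents that run as a
    different user or at a higher privilege level than the parent process."""
    hits = []
    for ev in events:
        parent = ev["parent_image"].lower()
        if not any(name in parent for name in WATCHED):
            continue  # parent is not a VTune/amplxe binary
        reasons = []
        if ev["user"].lower() != ev["parent_user"].lower():
            reasons.append("user changed")
        if RANK[ev["integrity"]] > RANK[ev["parent_integrity"]]:
            reasons.append("privilege raised")
        if reasons:
            hits.append((ev["pid"], reasons))
    return hits

if __name__ == "__main__":
    for pid, reasons in flag_escalations(SAMPLE_EVENTS):
        print(pid, ", ".join(reasons))
```

Legitimate elevation will also match (pid 4321 in the sample data is the kind of hit that needs triage), so map the fields to your own telemetry and baseline expected child processes before alerting.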
