CVE-2024-39365
📋 TL;DR
This vulnerability allows an authenticated attacker with local access to escalate privileges on Windows systems by exploiting an uncontrolled search path in Intel's FPGA Support Package for the oneAPI DPC++/C++ Compiler. The attacker could place malicious DLLs in directories searched by the vulnerable software. Only users running affected versions of the Intel compiler software on Windows are impacted.
💻 Affected Systems
- Intel oneAPI DPC++/C++ Compiler with FPGA Support Package
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
An authenticated attacker gains SYSTEM/administrator privileges on the Windows host, enabling complete system compromise, data theft, persistence installation, and lateral movement.
Likely Case
Authenticated users (including low-privilege accounts) escalate to administrator privileges on their local machine, potentially accessing sensitive data or installing malware.
If Mitigated
With proper access controls and limited local user privileges, impact is contained to the compromised user's context without system-wide compromise.
🎯 Exploit Status
Exploitation requires authenticated local access and knowledge of DLL search order hijacking techniques. No public exploits have been reported.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2024.2 or later
Vendor Advisory: https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01218.html
Restart Required: Yes
Instructions:
1. Download Intel oneAPI DPC++/C++ Compiler version 2024.2 or later from Intel's website.
2. Run the installer and follow prompts to update.
3. Restart the system after installation completes.
🔧 Temporary Workarounds
Restrict DLL search path
Windows: Use Windows policies or application controls to restrict where DLLs can be loaded from for the vulnerable software.
Use Windows AppLocker or Software Restriction Policies to block DLL execution from user-writable directories
Remove vulnerable component
Windows: Uninstall the FPGA Support Package if not required for your workflow.
Control Panel > Programs and Features > Intel oneAPI DPC++/C++ Compiler > Modify > Deselect FPGA Support Package
🧯 If You Can't Patch
- Restrict local user privileges to prevent authenticated users from writing to directories in the DLL search path
- Implement strict file integrity monitoring on directories where the vulnerable software searches for DLLs
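One way to run the first check above, as an added example that is not from the original page or from Intel: a PowerShell audit of the machine and user PATH (part of the Windows DLL search order) for directories where broad, non-admin groups can create files. The function name `Test-BroadWriteAccess` and the list of SIDs are assumptions of this example; the compiler's install directory, whose location the page does not give, can be passed to the same function.

```powershell
# Added example, not Intel's code: find directories on PATH where broad,
# non-admin groups can create files (where a planted DLL could be dropped).
# Well-known SIDs: Everyone, Authenticated Users, BUILTIN\Users, INTERACTIVE.
$broadSids = 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545', 'S-1-5-4'

# CreateFiles (FILE_ADD_FILE) is the right needed to add a file to a directory.
# GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000) can appear as raw bits.
$createFiles = [int]([System.Security.AccessControl.FileSystemRights]::CreateFiles)
$writeBits   = $createFiles -bor 0x40000000 -bor 0x10000000
$inheritOnly = [int]([System.Security.AccessControl.PropagationFlags]::InheritOnly)

function Test-BroadWriteAccess {
    param([Parameter(Mandatory)][string]$Path)
    if (-not (Test-Path -LiteralPath $Path -PathType Container)) {
        # A missing entry matters too: whoever can create it controls its contents.
        return [pscustomobject]@{ Path = $Path; Sid = $null; Finding = 'directory does not exist' }
    }
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop
    foreach ($rule in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($rule.AccessControlType -ne 'Allow') { continue }
        # Inherit-only ACEs apply to children, not to the directory itself.
        if (([int]$rule.PropagationFlags -band $inheritOnly) -ne 0) { continue }
        if ($broadSids -notcontains $rule.IdentityReference.Value) { continue }
        if (([int]$rule.FileSystemRights -band $writeBits) -ne 0) {
            [pscustomobject]@{
                Path    = $Path
                Sid     = $rule.IdentityReference.Value
                Finding = "write access: $($rule.FileSystemRights)"
            }
        }
    }
}

# Machine and per-user PATH entries, expanded and de-duplicated.
$dirs = foreach ($scope in 'Machine', 'User') {
    [Environment]::GetEnvironmentVariable('Path', $scope) -split ';'
}
$dirs = $dirs | Where-Object { $_ } |
    ForEach-Object { [Environment]::ExpandEnvironmentVariables($_.Trim().Trim('"')) } |
    Sort-Object -Unique

$findings = foreach ($dir in $dirs) {
    try { Test-BroadWriteAccess -Path $dir }
    catch { Write-Warning "Could not read ACL for '$dir': $($_.Exception.Message)" }
}
$findings | Format-Table -AutoSize -Wrap
```

Any row in the output is a directory to lock down (remove the broad write ACE or drop the entry from PATH) and a candidate for the file integrity monitoring listed above.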
🔍 How to Verify
Check if Vulnerable:
Check the Intel oneAPI version: open the Intel oneAPI command prompt and run 'icpx --version', or check the installed programs in Control Panel for the version number.
Check Version:
icpx --version
Verify Fix Applied:
Confirm version is 2024.2 or later using 'icpx --version' command and verify FPGA Support Package is updated.
📡 Detection & Monitoring
Log Indicators:
- Windows Event Logs showing DLL loading from unusual locations (Event ID 7 in Microsoft-Windows-Diagnostics-Performance)
- Unexpected privilege escalation events (Event ID 4672)
Network Indicators:
- None - this is a local privilege escalation vulnerability
SIEM Query:
EventID=7 AND (ImagePath contains "icpx" OR ImagePath contains "dpcpp") AND FileLoad contains ".dll" AND NOT FileLoad contains "System32"