AVID-2026-R1004
Description
Vulnerability CVE-2022-25864
Details
Uncontrolled search path in some Intel(R) oneMKL software before version 2022.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
Reason for inclusion in AVID: CVE-2022-25864 describes an Uncontrolled search path vulnerability in Intel oneMKL, a library commonly used in AI/ML tooling and pipelines. This affects software dependencies used to build/train/deploy AI systems, and can lead to local privilege escalation. The report clearly identifies the affected component, vulnerability type, and impact, providing sufficient evidence for AI-supply-chain relevance.
References
Affected or Relevant Artifacts
- Developer: n/a
- Deployer: n/a
- Artifact Details:
| Type | Name |
|---|---|
| System | Intel(R) oneMKL software |
Impact
AVID Taxonomy Categorization
- Risk domains: Security
- SEP subcategories: S0100: Software Vulnerability
- Lifecycle stages: L06: Deployment
CVSS
| Metric | Value |
|---|---|
| Version | 3.1 |
| Vector String | CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H |
| Base Score | 6.7 |
| Base Severity | 🟠 Medium |
| Attack Vector | LOCAL |
| Attack Complexity | 🔴 High |
| Privileges Required | 🟢 Low |
| User Interaction | REQUIRED |
| Scope | UNCHANGED |
| Confidentiality Impact | 🔴 High |
| Integrity Impact | 🔴 High |
| Availability Impact | 🔴 High |
CWE
| ID | Description |
|---|---|
| CWE-427 | Uncontrolled search path |
Other information
- Report Type: Advisory
- Credits:
- Date Reported: 2023-08-11
- Version: 0.3.3
- AVID Entry