AVID-2026-R1006
Description
Vulnerability CVE-2022-26425
Details
Uncontrolled search path element in the Intel(R) oneAPI Collective Communications Library (oneCCL) before version 2021.6 for Intel(R) oneAPI Base Toolkit may allow an authenticated user to potentially enable escalation of privilege via local access.
Reason for inclusion in AVID: CVE-2022-26425 describes a local privilege escalation in Intel oneAPI Collective Communications Library (oneCCL), a dependency used in AI/ML pipelines for distributed training. This is a software component commonly used to build/run AI systems, thus a software supply-chain issue affecting AI stacks. The description and CVE reference provide clear security vulnerability evidence.
References
Affected or Relevant Artifacts
- Developer: n/a
- Deployer: n/a
- Artifact Details:
| Type | Name |
|---|---|
| System | Intel(R) oneAPI Collective Communications Library (oneCCL) for Intel(R) oneAPI Base Toolkit |
Impact
AVID Taxonomy Categorization
- Risk domains: Security
- SEP subcategories: S0100: Software Vulnerability
- Lifecycle stages: L06: Deployment
CVSS
| Metric | Value |
|---|---|
| Version | 3.1 |
| Vector String | CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H |
| Base Score | 6.7 |
| Base Severity | 🟠 Medium |
| Attack Vector | LOCAL |
| Attack Complexity | 🔴 High |
| Privileges Required | 🟢 Low |
| User Interaction | REQUIRED |
| Scope | UNCHANGED |
| Confidentiality Impact | 🔴 High |
| Integrity Impact | 🔴 High |
| Availability Impact | 🔴 High |
Other information
- Report Type: Advisory
- Credits:
- Date Reported: 2023-02-16
- Version: 0.3.3
- AVID Entry