AVID-2026-R1011

Description

Vulnerability CVE-2022-28696

Details

Uncontrolled search path in the Intel(R) Distribution for Python before version 2022.0.3 may allow an authenticated user to potentially enable escalation of privilege via local access.

Reason for inclusion in AVID: CVE-2022-28696 affects Intel Distribution for Python (IDP), a Python runtime used in AI/ML workflows. As a Python distribution commonly involved in AI software stacks and pipelines, this is a software supply-chain risk impacting AI systems. The vulnerability is a security issue (uncontrolled search path enabling privilege escalation) and there is explicit evidence (CVE record, Intel advisory) describing the flaw.

References

• NVD entry
• https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00684.html

Affected or Relevant Artifacts

• Developer: n/a
• Deployer: n/a
• Artifact Details:

Impact

AVID Taxonomy Categorization

• Risk domains: Security
• SEP subcategories: S0100: Software Vulnerability
• Lifecycle stages: L06: Deployment

Other information

• Report Type: Advisory
• Credits:
• Date Reported: 2022-08-18
• Version: 0.3.3
• AVID Entry