AVID-2026-R1413
Description
Vulnerability CVE-2024-21766
Details
Uncontrolled search path for some Intel(R) oneAPI Math Kernel Library software before version 2024.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
Reason for inclusion in AVID: CVE-2024-21766 describes an uncontrolled search path in Intel oneAPI Math Kernel Library (MKL), a runtime library widely used in AI/ML stacks for linear algebra. This is a software component in AI pipelines/deployments, representing a software supply chain vulnerability in AI systems. The vulnerability enables local privilege escalation, and the report includes the CVE, product, impact, and references, providing sufficient evidence.
References
Affected or Relevant Artifacts
- Developer: n/a
- Deployer: n/a
- Artifact Details:
| Type | Name |
|---|---|
| System | Intel(R) oneAPI Math Kernel Library software |
Impact
AVID Taxonomy Categorization
- Risk domains: Security
- SEP subcategories: S0100: Software Vulnerability
- Lifecycle stages: L06: Deployment
CVSS
| Metric | Value |
|---|---|
| Version | 3.1 |
| Vector String | CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H |
| Base Score | 6.7 |
| Base Severity | 🟠 Medium |
| Attack Vector | LOCAL |
| Attack Complexity | 🔴 High |
| Privileges Required | 🟢 Low |
| User Interaction | REQUIRED |
| Scope | UNCHANGED |
| Confidentiality Impact | 🔴 High |
| Integrity Impact | 🔴 High |
| Availability Impact | 🔴 High |
CWE
| ID | Description |
|---|---|
| CWE-427 | Uncontrolled search path |
Other information
- Report Type: Advisory
- Credits:
- Date Reported: 2024-08-14
- Version: 0.3.3
- AVID Entry