AVID-2026-R1451
Description
Vulnerability CVE-2024-28950
Details
Uncontrolled search path for some Intel(R) oneAPI Math Kernel Library software for Windows before version 2024.2 may allow an authenticated user to potentially enable escalation of privilege via local access.
Reason for inclusion in AVID: CVE-2024-28950 is an uncontrolled search path vulnerability in Intel oneAPI Math Kernel Library (MKL) for Windows, enabling local privilege escalation. MKL is a widely used dependency in AI software stacks (ML frameworks, runtimes, and numerical compute components). As a vulnerability in a software dependency used to build/run AI systems, it constitutes a software supply-chain issue relevant to general-purpose AI systems. The CVE describes the security impact (privilege escalation) with clear evidence and references.
References
Affected or Relevant Artifacts
- Developer: n/a
- Deployer: n/a
- Artifact Details:
| Type | Name |
|---|---|
| System | Intel(R) oneAPI Math Kernel Library software for Windows |
Impact
AVID Taxonomy Categorization
- Risk domains: Security
- SEP subcategories: S0100: Software Vulnerability
- Lifecycle stages: L06: Deployment
CVSS
| Metric | Value |
|---|---|
| Version | 3.1 |
| Vector String | CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H |
| Base Score | 6.7 |
| Base Severity | 🟠 Medium |
| Attack Vector | LOCAL |
| Attack Complexity | 🔴 High |
| Privileges Required | 🟢 Low |
| User Interaction | REQUIRED |
| Scope | UNCHANGED |
| Confidentiality Impact | 🔴 High |
| Integrity Impact | 🔴 High |
| Availability Impact | 🔴 High |
CWE
| ID | Description |
|---|---|
| CWE-427 | Uncontrolled search path |
Other information
- Report Type: Advisory
- Credits:
- Date Reported: 2024-11-13
- Version: 0.3.3
- AVID Entry