Critical Vulnerability Information Intel ID: INTEL-SA-01274 Category: Software Vulnerability Impact: Escalation of Privilege Severity Rating: MEDIUM Original Release Date: 05/13/2025 Last Revised Date: 05/13/2025 Vulnerability Details CVE ID: CVE-2024-31073 Description: An uncontrolled search path exists in Intel® oneAPI Level Zero software, which may allow an authenticated user to potentially escalate privileges. CVSS Base Score 3.1: 6.7 (Medium) CVSS Vector 3.1: AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:A/A:H CVSS Base Score 4.0: 5.4 (Medium) CVSS Vector 4.0: CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:R/VCH/VH/VAH/SC:N/SI:N/SAN Affected Products Intel® oneAPI Level Zero software versions prior to 1.5.4 Intel® Graphics Windows DCH driver software versions prior to 30.0.101.1191 Recommended Actions Update Intel® oneAPI Level Zero software to version 1.5.4 or later. Update Intel® 7th to 10th Generation Processor Graphics Windows software to the latest version. Update Intel® Arc™ and Iris® Xe Graphics Windows drivers to the latest version. Acknowledgments This issue was internally discovered by Intel employees. Thanks to Russell W McGuire, Viraj Malia, Vadim O Pirogov, Tony Homer, and Axel Monroy for their contributions.