关键信息摘要 Intel ID: INTEL-SA-01129 Advisory Category: Software Impact of Vulnerability: Escalation of Privilege Severity Rating: MEDIUM Original Release Date: 08/13/2024 Last Revised: 08/13/2024 Summary: A potential security vulnerability in some Intel® Integrated Performance Primitives (Intel® IPP) software may allow escalation of privilege. Software updates are being released to mitigate the potential vulnerability. Vulnerability Details: CVE ID: CVE-2024-28887 Description: Uncontrolled search path in some Intel® IPP software before version 2021.11 may allow an authenticated user to potentially enable escalation of privilege via local access. CVSS Base Score 3.1: 6.7 Medium CVSS Vector 3.1: CVSS Base Score 4.0: 5.4 Medium CVSS Vector 4.0: Affected Products: Intel Integrated Performance Primitive before version 2021.11. Intel® oneAPI Base Toolkit before version 2024.1. Recommendation: Update Intel® IPP software to version 2021.11 or later. - Download updates from: https://www.intel.com/content/www/us/en/developer/tools/oneapi/ipp.html#gs.6xkls2 Update Intel® oneAPI Base Toolkit software version 2024.1 or later. - Download updates from: https://www.intel.com/content/www/us/en/developer/tools/oneapi/toolkits.html#base-kit Acknowledgements: Thank you to ycdxsd for reporting this issue. Revision History: Revision 1.0: 08/13/2024 - Initial Release Legal Notices and Disclaimers: Intel provides these materials as-is, with no express or implied warranties. Intel products and services may contain design defects or errors known as errata. For more details, visit Intel's website.