Intel security advisory (AV23-015) 10th JAN 2023

Preface: OpenMP (Open Multi-Processing) is an application programming interface (API) that supports multi-platform shared-memory multiprocessing programming in C, C++, and Fortran, on many platforms, instruction-set architectures and operating systems, including Solaris, AIX, FreeBSD, HP-UX, Linux, macOS, and Windows.

Background: A LEGO brick is a small plastic part, but it can build a big robot. Similar concept, CPU manufacturers provide main components, guidelines as upstream product suppliers. Let computer hardware manufacturers build their own powerful supercomputers. So they use their own design for load sharing, offloading resources to the GPU. That’s how the tech world works right now.

We often hear that computer hardware has backdoors. It usually happens during the design phase of the hardware. If you ask, who will bear this burden, the downstream hardware developer or the upstream CPU manufacturer? My comment is two-sided (see below).

  • If the hardware developer does not follow the best practices recommended by the CPU manufacturer. Risks will happen.
  • If CPU and development tool manufacturers have design flaws. The risk will be on this side.

Vulnerability details: CVE-2022-40196

Description: Improper access control in the Intel(R) oneAPI DPC++/C++ Compiler before version 2022.2.1 for some Intel(R) oneAPI Toolkits before version 2022.3.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

For details, see the link –

My observation: As usual, the vendor does not reveal the root cause. See whether it can dig out part of the possibility.

For example: Unified Shared Memory (USM): Device Kernels can access the data using pointers. Like this programming example. The memcpy operation will wait on events e1 and e2 and Transfers data back from device to host memory. As we know, the memcpy() and memmove() functions are a source of buffer overflow vulnerabilities. Will Intel oneAPI DPC++/C++ Compiler encounter a vulnerability in this place?

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.