Intel® Advanced Link Analyzer Advisory

Summary:

A potential security vulnerability in the Intel® Advanced Link Analyzer Pro and Standard edition software may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability.

Vulnerability Details:

CVEID: CVE-2022-27638

Description: Uncontrolled search path element in the Intel® Advanced Link Analyzer Pro before version 22.2 and Standard edition software before version 22.1.1 STD may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score: 6.7 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H****

Affected Products:

Intel® Advanced Link Analyzer Pro edition software before version 22.2.

Intel® Advanced Link Analyzer Standard edition software before version 22.1.1 STD.

Recommendations:

Intel recommends updating the Intel® Advanced Link Analyzer Pro edition software to version 22.2 or later.

Intel recommends updating the Intel® Advanced Link Analyzer Standard edition software to version 22.1.1 STD or later.

Updates are available for download at these locations:

Pro edition: <https://www.intel.com/content/www/us/en/software-kit/727932&gt;

Standard edition: <https://www.intel.com/content/www/us/en/software-kit/684357&gt;

Acknowledgements:

Intel would like to thank Amin Saidani for reporting this issue.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.