What is the critical severity vulnerability in Intel Neural Compressor?

The critical severity vulnerability in Intel Neural Compressor is CVE-2024-22476 (CVSS score: 10.0). This flaw allows escalation of privilege via remote access and can be exploited by an unauthenticated attacker to escalate privileges remotely. Intel Neural Compressor is a tool designed for optimizing AI language models, reducing their size, and enhancing the speed of large language models (LLMs).

Which Intel products have high-severity vulnerabilities?

High-severity vulnerabilities were identified in the following Intel products: - UEFI firmware of server products - Arc & Iris Xe Graphics software - PROSet/Wireless - Power Gadget - Trust Domain Extensions - Secure Device Manager - Dynamic Tuning Technology - Thunderbolt - Graphics Performance Analyzers - BIOS Guard and Platform Properties Assessment Module - Ethernet Controller I225 Manageability products

Which Intel products have medium-severity vulnerabilities?

Medium-severity vulnerabilities were identified in the following Intel products: - Meteor Lake Core Ultra processors - Data Streaming Accelerator and Analytics Accelerator - Processor Diagnostic Tool - Graphics Performance Analyzers - Extreme Tuning Utility - Computing Improvement Program - Ethernet Controller Administrative Tools - Quartus Prime - Processor Identification Utility - Programmable Gate Array - Core Ultra processor - Advisor products - Inspector - Distribution for GDB - Data Center GPU Max Series - Performance Counter Monitor - VTune Profiler - Chipset Device Software - Driver & Support Assistant - Context Sensing Technology - Arc Control - Libva library - Dynamic Load Balancer - Graphics Command Center Service - Endurance Gaming Mode - Server Board onboard video driver - Media SDK - oneAPI Video Processing Library

Advisory

Intel publishes 41 advisories for over 90 flaws, one critical

Q: How many security vulnerabilities did Intel address in its latest Patch Tuesday release?

Intel released 41 security advisories addressing over 90 security vulnerabilities across its product range in its latest Patch Tuesday release.

Q: What should users do to protect their systems from these vulnerabilities?

Users should update their systems to the latest versions to ensure security. For those using Intel Neural Compressor, it is critical to apply the updates immediately due to the CVE-2024-22476 vulnerability.

published: May 15, 2024

Take action: If your computer is using the Intel Neural Compressor (usually running in AI workloads) patch ASAP. For all the rest, keep to your regular updating schedule, just don't ignore these patches forever.

Learn More

Intel released 41 security advisories on the latest Patch Tuesday, addressing over 90 security vulnerabilities across its product range. This package of updates includes one critical severity flaw in Intel Neural Compressor, among other high and medium-severity vulnerabilities.

Critical Vulnerability

CVE-2024-22476 (CVSS score: 10.0) is a flaw in Intel Neural Compressor that enables escalation of privilege via remote access. This vulnerability allows an unauthenticated attacker to escalate privileges remotely. Intel Neural Compressor is a tool designed for optimizing AI language models, reducing their size, and enhancing the speed of large language models (LLMs).

High-severity flaws were identified in the following Intel products that could lead to privilege escalation attacks, denial-of-Service (DoS) and nformation disclosure

UEFI firmware of server products
Arc & Iris Xe Graphics software
PROSet/Wireless
Power Gadget
Trust Domain Extensions
Secure Device Manager
Dynamic Tuning Technology
Thunderbolt
Graphics Performance Analyzers
BIOS Guard and Platform Properties Assessment Module
Ethernet Controller I225 Manageability products

Medium-severity vulnerabilities were identified in the following Intel products that could lead to privilege escalation attacks, denial-of-Service (DoS) and nformation disclosure

Meteor Lake Core Ultra processors
Data Streaming Accelerator and Analytics Accelerator
Processor Diagnostic Tool
Graphics Performance Analyzers
Extreme Tuning Utility
Computing Improvement Program
Ethernet Controller Administrative Tools
Quartus Prime
Processor Identification Utility
Programmable Gate Array
Core Ultra processor
Advisor products
Inspector
Distribution for GDB
Data Center GPU Max Series
Performance Counter Monitor
VTune Profiler
Chipset Device Software
Driver & Support Assistant
Context Sensing Technology
Arc Control
Libva library
Dynamic Load Balancer
Graphics Command Center Service
Endurance Gaming Mode
Server Board onboard video driver
Media SDK
oneAPI Video Processing Library

Intel has released patches and mitigations for the majority of these vulnerabilities. Users are urged to update their systems to the latest versions to ensure security. For those using Intel Neural Compressor, it is critical to apply the updates immediately due to the CVE-2024-22476 vulnerability.

Intel publishes 41 advisories for over 90 flaws, one critical

Read More
Mozilla fixes Firefox critical flaw in video codec
Instagram, TikTok and Yahoo leaking account data in …
Phishing campaign abuses GitHub notifications to get users …
Mozilla Firefox patches critical security vulnerabilities with exploit …
Critical flaw reported in Linksys EA7500 routers