CVE-2024-22476 (CVSS 10): Intel’s Critical AI Flaw Leaves Systems Open to Attack

From securityonline.info

Recently, Intel released 41 security bulletins, addressing over 90 vulnerabilities across its product line, a substantial number. The primary focus of these security flaws lies in the software domain, including one critical AI tool vulnerability.

The most perilous vulnerability discovered by Intel is in the Neural Compressor, achieving a perfect score of 10 in the CVSS ratings, the highest possible level of security risk. The flaw, tracked as CVE-2024-22476, could allow an unauthenticated attacker to “enable escalation of privilege via remote access”. It is understood that attackers can exploit this vulnerability in all versions before the current one, enabling privilege escalation and remote execution of arbitrary attacks. Neural Compressor is a tool designed to optimize AI language models, reduce the size of LLMs, and enhance their speed. However, it is not commonly installed on most PCs and is primarily used by those involved in AI work.Recently, Intel released 41 security bulletins, addressing over 90 vulnerabilities across its product line, a substantial number. The primary focus of these security flaws lies in the software domain, including one critical AI tool vulnerability.

Read more…