Intel Reports a Max Severity Bug in Its Software for AI Model Compression
Intel has announced a critical vulnerability in certain versions of its Intel Neural Compressor software, used for AI model compression. Designated CVE-2024-22476, this bug allows unauthenticated attackers to execute arbitrary code on affected Intel systems. Among the 41 security advisories released by Intel this week, this vulnerability is the most severe.
Improper Input Validation Vulnerability
CVE-2024-22476 results from improper input validation, meaning the software fails to properly sanitize user input. This flaw has received a maximum CVSS score of 10, indicating it is remotely exploitable, requires low complexity to exploit, and significantly impacts data confidentiality, integrity, and availability. Attackers do not need special privileges or user interaction to exploit this vulnerability. Affected versions of Intel Neural Compressor are those before 2.5.0, and Intel advises upgrading to version 2.5.0 or later. This issue was identified by an external security researcher.
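To find environments still on an affected release, the sketch below audits requirements or `pip freeze` lines against the 2.5.0 threshold stated above. It is an added example, not code from Intel or the article; the distribution name `neural-compressor`, the helper names and the sample lines are assumptions made for illustration.

```python
import re

# Assumption: the library is installed under this distribution name;
# adjust it if your environment uses a different one.
PACKAGE = "neural-compressor"
FIXED = (2, 5, 0)  # first fixed release according to the article

PIN = re.compile(r"^\s*([A-Za-z0-9._-]+)\s*(?:\[[^\]]*\])?\s*(.*)$")

# Constructed sample input (requirements.txt / pip freeze style).
SAMPLE = ["torch==2.2.0", "neural_compressor==2.4.1  # constructed pin",
          "Neural-Compressor==2.5.0rc1", "neural-compressor==2.5.0",
          "neural-compressor>=2.0"]

def normalize(name):
    """PEP 503 normalization: case-insensitive; '-', '_' and '.' equivalent."""
    return re.sub(r"[-_.]+", "-", name).lower()

def version_key(text):
    """Sortable key for a version string, or None if it cannot be parsed."""
    m = re.match(r"^v?(\d+(?:\.\d+)*)(.*)$", text.strip())
    if not m:
        return None
    release = tuple(int(p) for p in m.group(1).split("."))
    release += (0,) * (len(FIXED) - len(release))
    # A pre-release (a, b, rc, dev) sorts before the final release it precedes.
    pre = re.match(r"[.\-_]?(a|b|rc|dev)", m.group(2), re.I) is not None
    return (release, 0 if pre else 1)

def audit(lines):
    """Return (line, status) for every line naming the package.

    status is 'affected' (pinned below 2.5.0), 'fixed', or 'unverified'
    (no exact pin, so the installed version cannot be read from the file).
    """
    findings = []
    for raw in lines:
        line = raw.split("#", 1)[0].strip()
        m = PIN.match(line)
        if not line or not m or normalize(m.group(1)) != PACKAGE:
            continue
        spec = m.group(2).split(";", 1)[0].strip()  # drop environment markers
        exact = re.match(r"^===?\s*([^\s,]+)$", spec)
        key = version_key(exact.group(1)) if exact else None
        if key is None:
            status = "unverified"
        else:
            status = "affected" if key < (FIXED, 1) else "fixed"
        findings.append((line, status))
    return findings
```

Lines reported as `unverified` carry a range or no pin at all, so the version actually installed has to be checked on the host itself.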
About Intel Neural Compressor
Intel Neural Compressor is an open-source Python library designed to compress and optimize deep learning models for applications such as computer vision, natural language processing, and…