Intel has released 41 security advisories, addressing over 90 vulnerabilities across its product line. The primary focus of these security flaws lies in the software domain, including one critical AI tool vulnerability.
The most critical vulnerability discovered by Intel is in the neural compressor, tracked as CVE-2024-22476 with a CVSS score of 10, which could allow an unauthenticated attacker to enable escalation of privilege via remote access. The attackers can exploit this vulnerability in all versions before the current one, enabling privilege escalation and remote execution of arbitrary attacks.
Neural Compressor is a tool designed to optimize AI language models, reduce the size of LLMs, and enhance their speed. However, it is not commonly installed on most PCs and is primarily used by those involved in AI work.
It affects Intel Neural Compressor software before version 2.5.0, and Intel recommends updating Intel Neural Compressor software to version 2.5.0 or later
The other vulnerabilities range from moderate to high severity, encompassing UEFI firmware for server products, Arc and Iris Xe graphics software, and other assorted Intel software products that addresses risks of privilege escalation attacks, DoS attacks, or information leakage.
Numerous moderately severe vulnerabilities were also found in the Core Ultra “Meteor Lake” processors and a wide array of Intel software, including processor diagnostic tools, graphics performance analyzers, and Extreme Tuning Utility
