CVE-2024-22476: Improper input validation in some Intel® Neural Compressor software (5 June 2024)

Original article published on 14-05-2024

Preface: Ancient humans hunted for survival. As times goes by, the evolution make them become intelligence biology. This pursuit of progress divided into different level of human. Human want is never ending. When Artificial Intelligence has born. It is the creator’s final blessing to human.

Background: Intel Neural Compressor performs model optimization to reduce the model size and increase the speed of deep learning inference for deployment on CPUs or GPUs.

Intel Neural Compressor aims to provide popular model compression techniques such as quantization, pruning (sparsity), distillation, and neural architecture search on mainstream frameworks such as TensorFlow, PyTorch, ONNX Runtime, and MXNet, as well as Intel extensions such as Intel Extension for TensorFlow and Intel Extension for PyTorch.

Vulnerability details:

CVEID:  CVE-2024-22476

Description: Improper input validation in some Intel® Neural Compressor software before version 2.5.0 may allow an unauthenticated user to potentially enable escalation of privilege via remote access.

CVSS Vector:  CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected Products:

Intel® Neural Compressor software before version 2.5.0.

Official announcement: For detail, please refer to link –

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.