Intel has released a series of updates to address multiple security vulnerabilities in various products, as reported by “Security-Insider.” These vulnerabilities could allow criminals to take over entire systems. Notably, the CVE-2024-22476 vulnerability stands out, rated a maximum score of 10 on the Common Vulnerability Scoring System (CVSS) scale, marking it as particularly critical.
This vulnerability allows attackers to access the AI tool Neural Compressor Software without required authentication. This issue has been fixed since version 2.5.0. Another critical vulnerability identified by Intel is CVE-2024-21792, involving a “Time-of-check to Time-of-use” (TOCTOU) race condition in the Intel Neural Compressor Software prior to version 2.5.0.
This flaw could enable an already authenticated user to disclose sensitive information through local access. With a CVSS base score of 4.7, it is classified as moderately severe. Intel emphasizes the importance of updating to at least this version to ensure protection against potential attacks.
More Intel Products Affected: Updates Available
In addition to the Neural Compressor Software, other Intel products are affected by security vulnerabilities, for which the chip manufacturer now offers updates. These products include Intel DSA, Intel IAA, server products with UEFI firmware, and the Intel Processor Diagnostic Tool. The specific vulnerabilities addressed by these updates are listed in the corresponding security advisories.
Companies using Intel products are advised to review the new security advisories and implement the recommended updates as soon as possible to keep their systems up-to-date and protected against these security risks.