CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2024-22476

CVSS 10.0v3.1pub. 2024-05-16upd. 2026-04-15

Improper input validation in some Intel(R) Neural Compressor software before version 2.5.0 may allow an unauthenticated user to potentially enable escalation of privilege via remote access.

🤖 AI Analysis
How it works

The flaw consists of improper input validation (CWE-20), meaning that the software does not properly verify the correctness of data received from the network before processing it. An attacker can send specially crafted data to the vulnerable system without the need for authentication. The result is the ability to escalate privileges in a context that goes beyond the scope of the application itself (Scope: Changed vector in CVSS), indicating potential impact on the entire operating system or other components of the environment.

Impact

An unauthenticated remote attacker can gain privilege escalation, leading to complete compromise of confidentiality, integrity, and availability of the system on which the vulnerable software runs.

Mitigation & patch

Intel Neural Compressor software should be updated to version 2.5.0 or later. Detailed information is available in the Intel security advisory at: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01109.html

Who is affected

Intel Neural Compressor in versions prior to 2.5.0

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
References