A critical vulnerability rated 10 by CVSS in Intel's AI model compression software, Neural Compressor, allows hackers to execute arbitrary code, impacting data confidentiality, integrity, and availability. The flaw, CVE-2024-22476, affects older versions before 2.5
0, and was reported by an external entity. Despite a fix being released, Intel did not disclose the number of affected users, which includes those deploying AI applications on various hardware devices for memory reduction and improved inference performance. Additionally, Intel disclosed another moderate-severity vulnerability, CVE-2024-21792, requiring local access for exploitation, highlighting challenges in securing AI tools amidst a backdrop of increasing security risks in large language models and vulnerabilities in core AI components linked to potential manipulation of live conversations and other malicious activities. https://www.bankinfosecurity.com/intels-max-severity-flaw-affects-ai-model-compressor-users-a-25275