Race Condition Vulnerability in Intel Neural Compressor Software
CVE-2024-21792

4.7MEDIUM

Key Information:

Vendor: Intel
Status: Intel(r) Neural Compressor Software
Vendor: CVE Published:; 16 May 2024

What is CVE-2024-21792?

A race condition vulnerability exists in the Intel Neural Compressor software prior to version 2.5.0. This flaw may allow an authenticated user with local access to exploit timing discrepancies between checking for conditions and utilizing resources, potentially leading to information disclosure. Proper mitigating controls should be considered to protect against this issue.

Affected Version(s)

Intel(R) Neural Compressor software before version 2.5.0

References

https://www.intel.com/content/www/us/en/security-center/a...

CVSS V3.1

Score:

4.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 16, 2024
Vulnerability Reserved
Jan 13, 2024