AVID-2026-R1238
Description
Vulnerability CVE-2023-30767
Details
Improper buffer restrictions in Intel(R) Optimization for TensorFlow before version 2.13.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
Reason for inclusion in AVID: CVE-2023-30767 describes an improper buffer restriction in Intel Optimization for TensorFlow, a software component used within AI stacks. It enables local privilege escalation, indicating a security vulnerability in a dependency used to build/run AI systems. This fits AI-related concerns and software supply chain risk for general-purpose AI pipelines (dependencies/optimizations). Sufficient evidence is provided by the CVE entry and references.
References
Affected or Relevant Artifacts
- Developer: n/a
- Deployer: n/a
- Artifact Details:
| Type | Name |
|---|---|
| System | TensorFlow |
Impact
AVID Taxonomy Categorization
- Risk domains: Security
- SEP subcategories: S0100: Software Vulnerability
- Lifecycle stages: L06: Deployment
CVSS
| Metric | Value |
|---|---|
| Version | 3.1 |
| Vector String | CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:H/A:L |
| Base Score | 5.5 |
| Base Severity | 🟠 Medium |
| Attack Vector | LOCAL |
| Attack Complexity | 🔴 High |
| Privileges Required | 🟢 Low |
| User Interaction | REQUIRED |
| Scope | UNCHANGED |
| Confidentiality Impact | 🟢 Low |
| Integrity Impact | 🔴 High |
| Availability Impact | 🟢 Low |
CWE
| ID | Description |
|---|---|
| CWE-92 | Improper buffer restrictions |
Other information
- Report Type: Advisory
- Credits:
- Date Reported: 2024-02-14
- Version: 0.3.3
- AVID Entry