CVE-2023-30767

Advisory

Improper buffer restrictions in Intel(R) Optimization for TensorFlow before version 2.13.0 may allow an authenticated user to potentially enable escalation of privilege via local access. The vulnerable code is in OneDNN. OneDNN optimizations started to be available in the official x86-64 Linux and Windows builds from version 2.5.0 onward. Only users of OneDNN are affected.

Affected package

Affected versions

Fixed versions

Vulnerability changelog

Improper buffer restrictions in Intel(R) Optimization for TensorFlow before version 2.13.0 may allow an authenticated user to potentially enable escalation of privilege via local access. See CVE-2023-30767.


MISC:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00903.html: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00903.html

Resources

• https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00903.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30767
• https://github.com/tensorflow/tensorflow/issues/75823
• https://github.com/tensorflow/tensorflow/releases/tag/v2.5.0