Potential security vulnerabilities in some Intel® OpenVINO™ software may allow denial of service, information disclosure. Intel is releasing sotfware updates to mitigate these potential vulnerabilities.
CVEID: CVE-2023-25080
Description: Protection mechanism failure in some Intel® Distribution of OpenVINO™ toolkit software before version 2023.0.0 may allow an authenticated user to potentially enable information disclosure via local access.
CVSS Base Score: 5.3 Medium
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:N/A:N
CVEID: CVE-2023-31203
Description: Improper input validation in some OpenVINO™ Model Server software before version 2022.3 for Intel® Distribution of OpenVINO™ toolkit may allow an unauthenticated user to potentially enable denial of service via network access.
CVSS Base Score: 4.3 Medium
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Intel® Distribution of OpenVINO™ toolkit software before version 2023.0.0.
OpenVINO™ Model Server software for Intel® Distribution of OpenVINO™ toolkit before version 2022.3.
Intel recommends updating Intel® Distribution of OpenVINO™ toolkit software to version 2023.0.0 or later.
Updates are available for download at this location:
<https://github.com/openvinotoolkit/openvino/tree/2023.0.0.dev20230427>
Intel recommends updating OpenVINO™ Model Server software for Intel® Distribution of OpenVINO™ toolkit to version 2022.3 or later.
Updates are available for download at this location:
<https://github.com/openvinotoolkit/model_server/releases>
These issues were found internally by Intel employees. Intel would like to thank Intel would like to thank Georgy Krivoruchko and Damian Kalinowski.
Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.