Intel® OpenVINO™ Software Advisory

Summary:

Potential security vulnerabilities in some Intel® OpenVINO™ software may allow denial of service, information disclosure. Intel is releasing sotfware updates to mitigate these potential vulnerabilities.

Vulnerability Details:

CVEID: CVE-2023-25080

Description: Protection mechanism failure in some Intel® Distribution of OpenVINO™ toolkit software before version 2023.0.0 may allow an authenticated user to potentially enable information disclosure via local access.

CVSS Base Score: 5.3 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:N/A:N

CVEID: CVE-2023-31203

Description: Improper input validation in some OpenVINO™ Model Server software before version 2022.3 for Intel® Distribution of OpenVINO™ toolkit may allow an unauthenticated user to potentially enable denial of service via network access.

CVSS Base Score: 4.3 Medium

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Affected Products:

Intel® Distribution of OpenVINO™ toolkit software before version 2023.0.0.

OpenVINO™ Model Server software for Intel® Distribution of OpenVINO™ toolkit before version 2022.3.

Recommendation:

Intel recommends updating Intel® Distribution of OpenVINO™ toolkit software to version 2023.0.0 or later.

Updates are available for download at this location:
<https://github.com/openvinotoolkit/openvino/tree/2023.0.0.dev20230427&gt;

Intel recommends updating OpenVINO™ Model Server software for Intel® Distribution of OpenVINO™ toolkit to version 2022.3 or later.

Updates are available for download at this location:
<https://github.com/openvinotoolkit/model_server/releases&gt;

Acknowledgements:

These issues were found internally by Intel employees. Intel would like to thank Intel would like to thank Georgy Krivoruchko and Damian Kalinowski.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.