CVE-2023-27506 – tensorflow-intel

Package

Manager: pip
Name: tensorflow-intel
Vulnerable Version: >=0 <2.12

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:H/A:L

CVSS v4.0: CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N

EPSS: 0.00058 pctl0.183

Details

Authenticated Local Privilege Escalation vulnerability in Intel Optimization for Tensorflow Improper buffer restrictions in the Intel(R) Optimization for Tensorflow software before version 2.12 may allow an authenticated user to potentially enable escalation of privilege via local access.

Metadata

Created: 2023-08-11T03:30:21Z
Modified: 2023-09-01T21:36:28Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/08/GHSA-m2f8-v8q4-3m59/GHSA-m2f8-v8q4-3m59.json
CWE IDs: ["CWE-119"]
Alternative ID: GHSA-m2f8-v8q4-3m59
Finding: F316
Auto approve: 1