CVE-2023-30767 — MEDIUM (CVSS 6.7) AI Security Vulnerability

CISO Take

Intel's optimized TensorFlow distribution has a buffer overflow enabling local privilege escalation. Primary exposure is on shared ML compute infrastructure — HPC clusters and multi-tenant training nodes — where a low-privileged user could escalate and access other tenants' model weights or training datasets. Patch to Intel Optimization for TensorFlow 2.13.0+ on all shared ML nodes immediately; single-tenant isolated deployments carry lower urgency.

Risk Assessment

Effective risk is moderate-low in isolated single-tenant ML environments but escalates materially on shared training infrastructure. CVSS 6.7 reflects high attack complexity (AC:H) and required user interaction (UI:R), significantly reducing opportunistic exploitation likelihood. No public exploits observed and not in CISA KEV. Primary threat profile is an insider or compromised low-privileged account on a shared ML compute node — a realistic scenario in enterprise data science platforms and cloud-based training clusters.

Affected Systems

Package	Ecosystem	Vulnerable Range	Patched
optimization_for_tensorflow	pip	—	No patch
195.0K OpenSSF 7.2 3.7K dependents Pushed 6d ago 4% patched ~1372d to patch Full package profile →

Do you use optimization_for_tensorflow? You're affected.

Severity & Risk

CVSS 3.1

6.7 / 10

EPSS

0.1%

chance of exploitation in 30 days

Higher than 21% of all CVEs

Source: EPSS v3 — FIRST.org

Exploitation Status

No known exploitation

Sophistication

Advanced

Attack Surface

AV Local

AC High

PR Low

UI Required

S Unchanged

C High

I High

A High

Recommended Action

6 steps

Upgrade Intel Optimization for TensorFlow to 2.13.0+ on all training and inference nodes immediately.
Inventory all ML infrastructure for Intel-optimized TensorFlow deployments — pay special attention to shared HPC and Kubernetes nodes.
Enforce strict namespace and container isolation on multi-tenant ML clusters to limit privilege escalation blast radius.
Restrict filesystem permissions on model checkpoint directories and training data stores to principle of least privilege.
Monitor for anomalous process spawning from TensorFlow worker processes (unusual child processes, unexpected file access outside workload scope).
Consult Intel SA-00903 for official vendor guidance and any additional mitigations.

CISA SSVC Assessment

Decision Track

Exploitation none

Automatable No

Technical Impact partial

Source: CISA Vulnrichment (SSVC v2.0). Decision based on the CISA Coordinator decision tree.

Classification

Code Execution Supply Chain Framework Training Data AML.T0010.001 - AI Software AML.T0035 - AI Artifact Collection AML.T0037 - Data from Local System

Compliance Impact

This CVE is relevant to:

EU AI Act

Article 15 - Accuracy, robustness and cybersecurity of high-risk AI systems

ISO 42001

A.6.2 - AI system supply chain management

NIST AI RMF

GOVERN-6.1 - AI supply chain transparency and risk management policies MANAGE-2.4 - Remediation of identified AI risks and vulnerabilities

Frequently Asked Questions

What is CVE-2023-30767?

Intel's optimized TensorFlow distribution has a buffer overflow enabling local privilege escalation. Primary exposure is on shared ML compute infrastructure — HPC clusters and multi-tenant training nodes — where a low-privileged user could escalate and access other tenants' model weights or training datasets. Patch to Intel Optimization for TensorFlow 2.13.0+ on all shared ML nodes immediately; single-tenant isolated deployments carry lower urgency.

Is CVE-2023-30767 actively exploited?

No confirmed active exploitation of CVE-2023-30767 has been reported, but organizations should still patch proactively.

How to fix CVE-2023-30767?

1. Upgrade Intel Optimization for TensorFlow to 2.13.0+ on all training and inference nodes immediately. 2. Inventory all ML infrastructure for Intel-optimized TensorFlow deployments — pay special attention to shared HPC and Kubernetes nodes. 3. Enforce strict namespace and container isolation on multi-tenant ML clusters to limit privilege escalation blast radius. 4. Restrict filesystem permissions on model checkpoint directories and training data stores to principle of least privilege. 5. Monitor for anomalous process spawning from TensorFlow worker processes (unusual child processes, unexpected file access outside workload scope). 6. Consult Intel SA-00903 for official vendor guidance and any additional mitigations.

What systems are affected by CVE-2023-30767?

This vulnerability affects the following AI/ML architecture patterns: training pipelines, model serving, shared ML compute clusters.

What is the CVSS score for CVE-2023-30767?

CVE-2023-30767 has a CVSS v3.1 base score of 6.7 (MEDIUM). The EPSS exploitation probability is 0.07%.

Technical Details

NVD Description

Improper buffer restrictions in Intel(R) Optimization for TensorFlow before version 2.13.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

Exploitation Scenario

A data scientist with a low-privileged account on a shared HPC training node running Intel-optimized TensorFlow triggers the buffer overflow via a crafted input that exploits the improper buffer restrictions during a training operation — requiring interaction from a co-located user (e.g., execution of a shared training script). The memory corruption overwrites security-critical data structures or function pointers within the Intel TF optimization layer, enabling escalation to a higher-privileged process or root. The attacker then pivots to access competing teams' model checkpoints, exfiltrates proprietary training datasets, or injects a backdoored model into a shared registry consumed by downstream production inference pipelines.