CVE-2023-23908

CVE Database · CVE-2023-23908

CVE-2023-23908

· MEDIUMModified

CVSS v3.1

6.0

EPSS

0.31%

Published

Aug 11, 2023

Modified

Nov 21, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Improper access control in some 3rd Generation Intel(R) Xeon(R) Scalable processors may allow a privileged user to potentially enable information disclosure via local access.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

Weaknesses (CWE)

CWE-284

Affected Products (414)

intel · microcode (up to 20230808)vulnerable

intel · xeon_d-1513n

intel · xeon_d-1518

intel · xeon_d-1520

intel · xeon_d-1521

intel · xeon_d-1523n

intel · xeon_d-1527

intel · xeon_d-1528

intel · xeon_d-1529

intel · xeon_d-1531

intel · xeon_d-1533n

intel · xeon_d-1537

intel · xeon_d-1539

References (12)

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00836.html

Vendor Advisory

https://lists.debian.org/debian-lts-announce/2023/08/msg00026.html

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HKREYYTWUY7ZDNIB2N6H5BUJ3LE5VZPE/

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OL7WI2TJCWSZIQP2RIOLWHOKLM25M44J/

Mailing ListThird Party Advisory

https://security.netapp.com/advisory/ntap-20230824-0003/

https://www.debian.org/security/2023/dsa-5474

KEV Catalog EPSS Scores Vendors All CVEs