CVE-2023-22655 — Protection Mechanism Failure in Intel-microcode

CWE-693 — Protection Mechanism Failure8 documents7 sources

Severity

6.1MEDIUMNVD

EPSS

0.0%

top 91.03%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Intel-microcode

Timeline

PublishedMar 14

Latest updateMay 29

Description

Protection mechanism failure in some 3rd and 4th Generation Intel(R) Xeon(R) Processors when using Intel(R) SGX or Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:H/A:NExploitability: 0.8 | Impact: 4.7

Affected Packages1 packages

▶debiandebian/intel-microcode< intel-microcode 3.20240312.1~deb12u1 (bookworm)

🔴Vulnerability Details

OSV

intel-microcode vulnerabilities↗2024-05-29

▶

OSV

CVE-2023-22655: Protection mechanism failure in some 3rd and 4th Generation Intel(R) Xeon(R) Processors when using Intel(R) SGX or Intel(R) TDX may allow a privileged↗2024-03-14

▶

GHSA

GHSA-hv2r-vh4p-hqmp: Protection mechanism failure in some 3rd and 4th Generation Intel(R) Xeon(R) Processors when using Intel(R) SGX or Intel(R) TDX may allow a privileged↗2024-03-14

▶

📋Vendor Advisories

Ubuntu

Intel Microcode vulnerabilities↗2024-05-29

▶

Red Hat

kernel: local privilege escalation on Intel microcode on Intel(R) Xeon(R)↗2024-03-12

▶

Debian

CVE-2023-22655: intel-microcode - Protection mechanism failure in some 3rd and 4th Generation Intel(R) Xeon(R) Pro...↗2023

▶

💬Community

Bugzilla

CVE-2023-22655 kernel: local privilege escalation on Intel microcode on Intel(R) Xeon(R)↗2024-03-21

▶