CVE-2023-23908 — Improper Access Control in Intel Microcode

CWE-284 — Improper Access Control CWE-200 — Sensitive Information Exposure9 documents8 sources

Severity

4.4MEDIUMNVD

CNA6.0OSV6.5

EPSS

0.0%

top 97.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Intel Microcode Debian Linux Fedoraproject Fedora

Timeline

PublishedAug 11

Latest updateAug 14

Description

Improper access control in some 3rd Generation Intel(R) Xeon(R) Scalable processors may allow a privileged user to potentially enable information disclosure via local access.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 0.8 | Impact: 3.6

Affected Packages1 packages

▶NVDintel/microcode< 20230808

Also affects: Debian Linux 10.0, 11.0, 12.0, Fedora 37, 38

🔴Vulnerability Details

OSV

intel-microcode vulnerabilities↗2023-08-14

▶

GHSA

GHSA-4cmv-5jrx-5j4h: Improper access control in some 3rd Generation Intel(R) Xeon(R) Scalable processors may allow a privileged user to potentially enable information disc↗2023-08-11

▶

OSV

CVE-2023-23908: Improper access control in some 3rd Generation Intel(R) Xeon(R) Scalable processors may allow a privileged user to potentially enable information disc↗2023-08-11

▶

CVEList

CVE-2023-23908: Improper access control in some 3rd Generation Intel(R) Xeon(R) Scalable processors may allow a privileged user to potentially enable information disc↗2023-08-11

▶

📋Vendor Advisories

Ubuntu

Intel Microcode vulnerabilities↗2023-08-14

▶

Red Hat

hw: Intel: 3rd Generation processors may allow information disclosure↗2023-08-08

▶

Debian

CVE-2023-23908: intel-microcode - Improper access control in some 3rd Generation Intel(R) Xeon(R) Scalable process...↗2023

▶

💬Community

Bugzilla

CVE-2023-23908 hw: Intel: 3rd Generation processors may allow information disclosure↗2023-08-09

▶