CVE-2023-28746: Information Exposure through Microarchitectural State after Transient Execution in Intel-microcode

Severity
6.5 MEDIUM (NVD)
OSV: 6.1
EPSS
0.1%
top 84.37%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Mar 14
Latest update: May 29

Description

Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Exploitability: 2.0 | Impact: 4.0

Affected Packages (20 packages)

debian: debian/intel-microcode < intel-microcode 3.20240312.1~deb12u1 (bookworm)
debian: debian/xen < intel-microcode 3.20240312.1~deb12u1 (bookworm)
debian: debian/linux < intel-microcode 3.20240312.1~deb12u1 (bookworm)
Debian: xen/xen < 4.17.5+23-ga4e5191dc0-1+2
Debian: linux/linux_kernel < 5.10.216-1+3

🔴 Vulnerability Details

3
OSV
intel-microcode vulnerabilities (2024-05-29)
OSV
CVE-2023-28746: Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may allo (2024-03-14)
GHSA
GHSA-36c8-x5g7-w9x4: Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may allo (2024-03-14)

📋 Vendor Advisories

4
Ubuntu
Intel Microcode vulnerabilities (2024-05-29)
Microsoft
Intel: CVE-2023-28746 Register File Data Sampling (RFDS) (2024-03-12)
Red Hat
kernel: Local information disclosure on Intel(R) Atom(R) processors (2024-02-14)
Debian
CVE-2023-28746: intel-microcode - Information exposure through microarchitectural state after transient execution ... (2023)

🕵️ Threat Intelligence

5
Bleepingcomputer
Microsoft March 2024 Patch Tuesday fixes 60 flaws, 18 RCE bugs (2024-03-12)
Trendmicro
The March 2024 Security Update Review (2024-03-12)
Trendmicro
The March 2024 Security Update Review (2024-03-12)
Trendmicro
The March 2024 Security Update Review (2024-03-12)
Trendmicro
The March 2024 Security Update Review (2024-03-12)

💬 Community

1
Bugzilla
CVE-2023-28746 kernel: Local information disclosure on Intel(R) Atom(R) processors (2024-03-21)