CVE-2023-45745

CWE-20Improper Input Validation7 documents7 sources
Severity
8.2HIGH
EPSS
0.1%
top 77.68%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Intel TDX Module
Timeline
PublishedMay 16
Latest updateMay 29

Description

Improper input validation in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:NExploitability: 1.5 | Impact: 5.8

Affected Packages3 packages

CVEListV5intel(r)_tdx_module_softwarebefore version 1.5.05.46.698
NVDintel/tdx_module< 1.5.05.46.698
Debianintel-microcode< 3.20240514.1~deb11u1+3

🔴Vulnerability Details

3
OSV
CVE-2023-45745: Improper input validation in some Intel(R) TDX module software before version 12024-05-16
GHSA
GHSA-6hm6-qx8h-fp2w: Improper input validation in some Intel(R) TDX module software before version 12024-05-16
CVEList
CVE-2023-45745: Improper input validation in some Intel(R) TDX module software before version 12024-05-16

📋Vendor Advisories

3
Ubuntu
Intel Microcode vulnerabilities2024-05-29
Red Hat
intel-microcode: Improper input validation in some Intel(R) TDX module software2024-05-14
Debian
CVE-2023-45745: intel-microcode - Improper input validation in some Intel(R) TDX module software before version 1....2023
CVE-2023-45745 (HIGH CVSS 8.2) | Improper input validation in some I | cvebase.io