CVE-2023-47855

CWE-20Improper Input Validation7 documents7 sources
Severity
6.7MEDIUM
EPSS
0.1%
top 77.68%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Intel TDX Module
Timeline
PublishedMay 16
Latest updateMay 29

Description

Improper input validation in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:NExploitability: 0.8 | Impact: 5.2

Affected Packages3 packages

CVEListV5intel(r)_tdx_module_softwarebefore version 1.5.05.46.698
NVDintel/tdx_module< 1.5.05.46.698
Debianintel-microcode< 3.20240514.1~deb11u1+3

🔴Vulnerability Details

3
GHSA
GHSA-gr79-64x9-5p2m: Improper input validation in some Intel(R) TDX module software before version 12024-05-16
CVEList
CVE-2023-47855: Improper input validation in some Intel(R) TDX module software before version 12024-05-16
OSV
CVE-2023-47855: Improper input validation in some Intel(R) TDX module software before version 12024-05-16

📋Vendor Advisories

3
Ubuntu
Intel Microcode vulnerabilities2024-05-29
Red Hat
intel-microcode: Improper input validation in some Intel® TDX module software2024-05-14
Debian
CVE-2023-47855: intel-microcode - Improper input validation in some Intel(R) TDX module software before version 1....2023
CVE-2023-47855 (MEDIUM CVSS 6.7) | Improper input validation in some I | cvebase.io