CVE-2023-23908
Advisory lineage Upstream: 0 Downstream: 13
Modified
Published: 11 Aug 2023, 02:37
Last modified:13 Feb 2025, 16:44
Vulnerability Summary
Overall Risk (default)
low
24/100 CVSS Score
6 MEDIUM
v3.1 (cve.org)
EPSS Score
0.01% LOW
0% probability 0.00%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
11 Aug 2023, 02:37
Published
Vulnerability first disclosed
13 Feb 2025, 16:44
Last Modified
Vulnerability information updated
Description
Improper access control in some 3rd Generation Intel(R) Xeon(R) Scalable processors may allow a privileged user to potentially enable information disclosure via local access.
CVSS Metrics
- v3.1•MEDIUM•Score: 6CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
- v3.1•MEDIUM•Score: 4.4CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
EPSS Trends
Current EPSS score: 0.01%• Percentile: 2%
Techniques & Countermeasures
- CWE-284•Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
Affected Systems
- debian•debian_linux
10.0 | 11.0 | 12.0
- fedoraproject•fedora
37 | 38
- intel•microcode
< 20230808
- intel•xeon_d-1513n_firmware
na
- intel•xeon_d-1518_firmware
na
- intel•xeon_d-1520_firmware
na
- intel•xeon_d-1521_firmware
na
- intel•xeon_d-1523n_firmware
na
- intel•xeon_d-1527_firmware
na
- intel•xeon_d-1528_firmware
na
- intel•xeon_d-1529_firmware
na
- intel•xeon_d-1531_firmware
na
- intel•xeon_d-1533n_firmware
na
- intel•xeon_d-1537_firmware
na
- intel•xeon_d-1539_firmware
na
- intel•xeon_d-1540_firmware
na
- intel•xeon_d-1541_firmware
na
- intel•xeon_d-1543n_firmware
na
- intel•xeon_d-1548_firmware
na
- intel•xeon_d-1553n_firmware
na
- intel•xeon_d-1557_firmware
na
- intel•xeon_d-1559_firmware
na
- intel•xeon_d-1567_firmware
na
- intel•xeon_d-1571_firmware
na
- intel•xeon_d-1577_firmware
na
- intel•xeon_d-1602_firmware
na
- intel•xeon_d-1622_firmware
na
- intel•xeon_d-1623n_firmware
na
- intel•xeon_d-1627_firmware
na
- intel•xeon_d-1633n_firmware
na
- intel•xeon_d-1637_firmware
na
- intel•xeon_d-1649n_firmware
na
- intel•xeon_d-1653n_firmware
na
- intel•xeon_d-1702_firmware
na
- intel•xeon_d-1712tr_firmware
na
- intel•xeon_d-1713nt_firmware
na
- intel•xeon_d-1713nte_firmware
na
- intel•xeon_d-1714_firmware
na
- intel•xeon_d-1715ter_firmware
na
- intel•xeon_d-1718t_firmware
na
- intel•xeon_d-1722ne_firmware
na
- intel•xeon_d-1726_firmware
na
- intel•xeon_d-1732te_firmware
na
- intel•xeon_d-1733nt_firmware
na
- intel•xeon_d-1734nt_firmware
na
- intel•xeon_d-1735tr_firmware
na
- intel•xeon_d-1736_firmware
na
- intel•xeon_d-1736nt_firmware
na
- intel•xeon_d-1739_firmware
na
- intel•xeon_d-1746ter_firmware
na
Showing first 50 affected entries in server-rendered view.
References (6)
- http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00836.html
- https://www.debian.org/security/2023/dsa-5474
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OL7WI2TJCWSZIQP2RIOLWHOKLM25M44J/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HKREYYTWUY7ZDNIB2N6H5BUJ3LE5VZPE/
- https://lists.debian.org/debian-lts-announce/2023/08/msg00026.html
- https://security.netapp.com/advisory/ntap-20230824-0003/