CVE-2023-43490

Advisory lineage Upstream: 0 Downstream: 13
Deferred
Published: 14 Mar 2024, 16:45
Last modified:13 Feb 2025, 17:13

Vulnerability Summary

Overall Risk (default)
low
21/100
CVSS Score
5.3 MEDIUM
v3.1 (cve.org)
EPSS Score
0.02% LOW
0% probability 0.00%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

14 Mar 2024, 16:45
Published
Vulnerability first disclosed
13 Feb 2025, 17:13
Last Modified
Vulnerability information updated

Description

Incorrect calculation in microcode keying mechanism for some Intel(R) Xeon(R) D Processors with Intel(R) SGX may allow a privileged user to potentially enable information disclosure via local access.

CVSS Metrics

  • v3.1MEDIUMScore: 5.3CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N

EPSS Trends

Current EPSS score: 0.02% Percentile: 6%

Techniques & Countermeasures

  • CWE-682Incorrect Calculation

    The product performs a calculation that generates incorrect or unintended results that are later used in security-critical decisions or resource management.

References (3)