CVE-2023-28746

Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.0 / Impact : 4.0

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

References

Link	Resource
http://www.openwall.com/lists/oss-security/2024/03/12/13
https://lists.debian.org/debian-lts-announce/2024/05/msg00003.html
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EIUICU6CVJUIB6BPJ7P5QTPQR5VOBHFK/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H63LGAQXPEVJOES73U4XK65I6DASOAAG/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZON4TLXG7TG4A2XZG563JMVTGQW4SF3A/
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00898.html

Configurations

No configuration.

History

No history.

Information

Published : 2024-03-14 17:15

Updated : 2024-06-25 23:15

NVD link : CVE-2023-28746

Mitre link : CVE-2023-28746

CVE.ORG link : CVE-2023-28746

JSON object : View

Products Affected

No product.

CWE

CWE-1342

Information Exposure through Microarchitectural State after Transient Execution

{"id": "CVE-2023-28746", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "secure@intel.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 4.0, "exploitabilityScore": 2.0}]}, "published": "2024-03-14T17:15:50.533", "references": [{"url": "http://www.openwall.com/lists/oss-security/2024/03/12/13", "source": "secure@intel.com"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00003.html", "source": "secure@intel.com"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html", "source": "secure@intel.com"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EIUICU6CVJUIB6BPJ7P5QTPQR5VOBHFK/", "source": "secure@intel.com"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H63LGAQXPEVJOES73U4XK65I6DASOAAG/", "source": "secure@intel.com"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZON4TLXG7TG4A2XZG563JMVTGQW4SF3A/", "source": "secure@intel.com"}, {"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00898.html", "source": "secure@intel.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "secure@intel.com", "description": [{"lang": "en", "value": "CWE-1342"}]}], "descriptions": [{"lang": "en", "value": "Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access."}, {"lang": "es", "value": "La exposici\u00f3n de la informaci\u00f3n a trav\u00e9s del estado de la microarquitectura despu\u00e9s de la ejecuci\u00f3n transitoria de algunos archivos de registro para algunos procesadores Intel(R) Atom(R) puede permitir que un usuario autenticado potencialmente habilite la divulgaci\u00f3n de informaci\u00f3n a trav\u00e9s del acceso local."}], "lastModified": "2024-06-25T23:15:21.940", "sourceIdentifier": "secure@intel.com"}