Multiple vulnerabilities in Intel System Security Report and System Resources Defense
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 6 |
| CVE-ID | CVE-2023-48267 CVE-2023-48366 CVE-2023-49603 CVE-2023-49615 CVE-2023-49618 CVE-2024-36262 |
| CWE-ID | CWE-119 CWE-362 CWE-20 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Intel System Security Report and System Resource Defense (PPAM) Hardware solutions / Firmware 11th Generation Intel Core Processors Hardware solutions / Firmware 12th Generation Intel Core Processors Hardware solutions / Firmware Intel Pentium Gold Processor Series Hardware solutions / Firmware Intel Celeron Processors Hardware solutions / Firmware 10th Generation Intel Core Processors Hardware solutions / Firmware 13th Generation Intel Core Processors Hardware solutions / Firmware Intel Xeon W Processor 1300 Series Hardware solutions / Firmware 13th Generation Intel Core i7 processors Hardware solutions / Other hardware appliances |
| Vendor | Intel |
Security Bulletin
This security bulletin contains information about 6 vulnerabilities.
1) Buffer overflow
EUVDB-ID: #VU103961
Risk: Low
CVSSv4.0: 5.5 [CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:H/E:U/U:Clear]
CVE-ID: CVE-2023-48267
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error. A local administrator can trigger memory corruption and gain elevated privileges on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIntel System Security Report and System Resource Defense (PPAM): All versions
11th Generation Intel Core Processors: All versions
12th Generation Intel Core Processors: All versions
Intel Pentium Gold Processor Series: All versions
Intel Celeron Processors: All versions
10th Generation Intel Core Processors: All versions
CPE2.3- cpe:2.3:h:intel:intel_system_security_report_and_system_resource_defense_ppam:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:11th_generation_intel_core_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:12th_generation_intel_core_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_pentium_gold_processor_series:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_celeron_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:10th_generation_intel_core_processors:*:*:*:*:*:*:*:*
https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01203.html
https://www.dell.com/support/kbdoc/en-us/000236851/dsa-2025-002
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Race condition
EUVDB-ID: #VU103962
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-48366
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to a race condition. A local administrator can exploit the race and gain unauthorized access to sensitive information on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIntel System Security Report and System Resource Defense (PPAM): All versions
11th Generation Intel Core Processors: All versions
12th Generation Intel Core Processors: All versions
Intel Pentium Gold Processor Series: All versions
Intel Celeron Processors: All versions
10th Generation Intel Core Processors: All versions
13th Generation Intel Core Processors: All versions
13th Generation Intel Core i7 processors: All versions
CPE2.3- cpe:2.3:h:intel:intel_system_security_report_and_system_resource_defense_ppam:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:11th_generation_intel_core_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:12th_generation_intel_core_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_pentium_gold_processor_series:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_celeron_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:10th_generation_intel_core_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:13th_generation_intel_core_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:13th_generation_intel_core_i7_processors:*:*:*:*:*:*:*:*
https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01203.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Race condition
EUVDB-ID: #VU103963
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:U/U:Clear]
CVE-ID: CVE-2023-49603
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition. A local administrator can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIntel System Security Report and System Resource Defense (PPAM): All versions
11th Generation Intel Core Processors: All versions
12th Generation Intel Core Processors: All versions
Intel Pentium Gold Processor Series: All versions
Intel Celeron Processors: All versions
10th Generation Intel Core Processors: All versions
CPE2.3- cpe:2.3:h:intel:intel_system_security_report_and_system_resource_defense_ppam:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:11th_generation_intel_core_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:12th_generation_intel_core_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_pentium_gold_processor_series:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_celeron_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:10th_generation_intel_core_processors:*:*:*:*:*:*:*:*
https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01203.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Input validation error
EUVDB-ID: #VU103964
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:U/U:Clear]
CVE-ID: CVE-2023-49615
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to escalate privileges on the system.
The vulnerability exists due to insufficient validation of user-supplied input. A local administrator can pass specially crafted input to the application and gain elevated privileges on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIntel System Security Report and System Resource Defense (PPAM): All versions
11th Generation Intel Core Processors: All versions
12th Generation Intel Core Processors: All versions
Intel Pentium Gold Processor Series: All versions
Intel Celeron Processors: All versions
10th Generation Intel Core Processors: All versions
CPE2.3- cpe:2.3:h:intel:intel_system_security_report_and_system_resource_defense_ppam:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:11th_generation_intel_core_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:12th_generation_intel_core_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_pentium_gold_processor_series:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_celeron_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:10th_generation_intel_core_processors:*:*:*:*:*:*:*:*
https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01203.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Buffer overflow
EUVDB-ID: #VU103965
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:U/U:Clear]
CVE-ID: CVE-2023-49618
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error. A local administrator can trigger memory corruption and gain elevated privileges on the target system.
Install updates from vendor's website.
Vulnerable software versionsIntel System Security Report and System Resource Defense (PPAM): All versions
11th Generation Intel Core Processors: All versions
12th Generation Intel Core Processors: All versions
Intel Pentium Gold Processor Series: All versions
Intel Celeron Processors: All versions
10th Generation Intel Core Processors: All versions
CPE2.3- cpe:2.3:h:intel:intel_system_security_report_and_system_resource_defense_ppam:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:11th_generation_intel_core_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:12th_generation_intel_core_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_pentium_gold_processor_series:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_celeron_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:10th_generation_intel_core_processors:*:*:*:*:*:*:*:*
https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01203.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Race condition
EUVDB-ID: #VU103966
Risk: Low
CVSSv4.0: 0.9 [CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-36262
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition. A local administrator can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIntel System Security Report and System Resource Defense (PPAM): All versions
11th Generation Intel Core Processors: All versions
12th Generation Intel Core Processors: All versions
Intel Pentium Gold Processor Series: All versions
Intel Celeron Processors: All versions
10th Generation Intel Core Processors: All versions
Intel Xeon W Processor 1300 Series: All versions
13th Generation Intel Core Processors: All versions
13th Generation Intel Core i7 processors: All versions
CPE2.3- cpe:2.3:h:intel:intel_system_security_report_and_system_resource_defense_ppam:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:11th_generation_intel_core_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:12th_generation_intel_core_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_pentium_gold_processor_series:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_celeron_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:10th_generation_intel_core_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_xeon_w_processor_1300_series:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:13th_generation_intel_core_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:13th_generation_intel_core_i7_processors:*:*:*:*:*:*:*:*
https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01203.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
