Security features bypass in Intel products - CVE-2023-22655
Published: March 12, 2024
Vulnerability identifier: #VU87459
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2023-22655
CWE-ID: CWE-254
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Intel
Affected software:
3rd Generation Intel Xeon Scalable Processors
Intel Xeon D Processors
4th Generation Intel Xeon Platinum processors
4th Generation Intel Xeon Gold Processors
4th Generation Intel Xeon Scalable Processors
4th Generation Intel Xeon Silver Processors
4th Generation Intel Xeon Bronze Processors
Intel Xeon CPU Max Series processors (High Bandwidth Memory HBM)
3rd Generation Intel Xeon Scalable Processors
Intel Xeon D Processors
4th Generation Intel Xeon Platinum processors
4th Generation Intel Xeon Gold Processors
4th Generation Intel Xeon Scalable Processors
4th Generation Intel Xeon Silver Processors
4th Generation Intel Xeon Bronze Processors
Intel Xeon CPU Max Series processors (High Bandwidth Memory HBM)
Detailed vulnerability description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a protection mechanism failure in some 3rd and 4th Generation Intel Xeon Processors when using Intel SGX or Intel TDX. A local user can execute arbitrary code with elevated privileges.
How to mitigate CVE-2023-22655
Install updates from vendor's website.