#VU96077 Buffer overflow in Intel products - CVE-2023-38655

Vulnerability identifier: #VU96077

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2023-38655

CWE-ID: CWE-119

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Intel C420 Chipset
Intel X299 Chipset
Intel C230 series chipset
2nd Gen Intel Xeon Scalable processor
Intel Xeon W processor 3200 series
1st Gen Intel Xeon Scalable processor
Intel Xeon W processor 3100 series
8th Gen Intel Core processor
Intel 200 Series Chipset
Intel 100 Series Chipset
Intel 300 Series Chipset
Intel C240 Series Chipset
Pentium Gold processor series (G54XXU)
Celeron processor 4000 series
Intel 400 Series Chipset
Intel 500 series chipset
Intel C250 Series Chipset
Intel Atom x6000E series
Intel 600 Series Chipset
Intel Celeron Processor N Series
Intel Celeron Processor J Series
Intel Pentium Processor Silver Series
Intel Pentium Processor N Series
Intel Pentium Processor J Series

Software vendor:
Intel

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in firmware. A local administrator can trigger memory corruption and cause a denail of service condition on the target system.

Install updates from vendor's website.

• https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00999.html