#VU87459 Security features bypass in Intel products - CVE-2023-22655
Published: March 12, 2024
Vulnerability identifier: #VU87459
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2023-22655
CWE-ID: CWE-254
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
3rd Generation Intel Xeon Scalable Processors
Intel Xeon D Processors
4th Generation Intel Xeon Platinum processors
4th Generation Intel Xeon Gold Processors
4th Generation Intel Xeon Scalable Processors
4th Generation Intel Xeon Silver Processors
4th Generation Intel Xeon Bronze Processors
Intel Xeon CPU Max Series processors (High Bandwidth Memory HBM)
3rd Generation Intel Xeon Scalable Processors
Intel Xeon D Processors
4th Generation Intel Xeon Platinum processors
4th Generation Intel Xeon Gold Processors
4th Generation Intel Xeon Scalable Processors
4th Generation Intel Xeon Silver Processors
4th Generation Intel Xeon Bronze Processors
Intel Xeon CPU Max Series processors (High Bandwidth Memory HBM)
Software vendor:
Intel
Intel
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a protection mechanism failure in some 3rd and 4th Generation Intel Xeon Processors when using Intel SGX or Intel TDX. A local user can execute arbitrary code with elevated privileges.
Remediation
Install updates from vendor's website.