EGI SVG Advisories

Advisory-EGI-SVG-2023-58

‘ALERT’ [TLP:CLEAR] Intel processor vulnerability [EGI-SVG-2023-58]

Date: 2023-11-21 Updated 2023-10-29

A security vulnerability was found in some Intel processors potentially allowing privilege escalation, information disclosure and/or a denial of service via local access. [R 1] [R 2]

IDs AND CVSS SCORE

EGI SVG ID : EGI-SVG-2023-58

CVE ID : CVE-2023-23583

CVSS Score : 8.8 [R 1]

UPDATE 2024-10-29

Further information related to this vulnerability and others in:–

https://advisories.egi.eu/Advisory-EGI-SVG-2024-24

ACTIONS REQUIRED/RECOMMENDED

Sites running intel hardware are recommended to look at the announced information and take appropriate action.

If anyone becomes aware of any situation where this vulnerability has a significant impact on the EGI infrastructure then please inform EGI SVG.

See references below for further information, especially [R 3]

STATUS OF THIS ADVISORY

TLP:CLEAR information - Unlimited distribution

https://advisories.egi.eu/Advisory-EGI-SVG-2023-58

https://advisories.egi.eu/Advisory-SVG-CVE-2023-23583

Minor updates may be made without re-distribution to the sites.

CONTACT AND OTHER INFORMATION ON SVG

Comments or questions should be sent to svg-rat at mailman.egi.eu

Vulnerabilities relevant for EGI can be reported at report-vulnerability at egi.eu

(see [R 99] for further details, and other information on SVG)

REFERENCES

• [R 1] https://nvd.nist.gov/vuln/detail/CVE-2023-23583

• [R 2] https://access.redhat.com/security/cve/CVE-2023-23583

• [R 3] https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00950.html

• [R 99] https://confluence.egi.eu/display/EGIBG/SVG+Advisories

CREDITS

SVG was alerted to this vulnerability by Barbara Krasovec

This site is open source. Improve this page.