Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!Close

CVE-2023-23583

Published: 14 November 2023

Sequence of processor instructions leads to unexpected behavior for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege and/or information disclosure and/or denial of service via local access.

From the Ubuntu Security Team

Benoit Morgan, Paul Grosen, Thais Moreira Hamasaki, Ke Sun, Alyssa Milburn, Hisham Shafi, Nir Shlomovich, Tavis Ormandy, Daniel Moghimi, Josh Eads, Salman Qazi, Alexandra Sandulescu, Andy Nguyen, Eduardo Vela, Doug Kwan, and Kostik Shtoyk discovered that some Intel(R) Processors did not properly handle certain sequences of processor instructions. A local attacker could possibly use this to cause a core hang (resulting in a denial of service) or gain access to sensitive information or possibly escalate their privileges.

Notes

AuthorNote
Priority reason:
Allows privilege escalation from VM to host or unprivileged user to privileged user.

Priority

High

Cvss 3 Severity Score

8.8

Score breakdown

Status

Package Release Status
intel-microcode
Launchpad, Ubuntu, Debian
trusty Ignored
(trusty doesn't support early microcode loading at runtime)
bionic
Released (3.20231114.0ubuntu0.18.04.1+esm1)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only)
focal
Released (3.20231114.0ubuntu0.20.04.1)
upstream Needs triage

jammy
Released (3.20231114.0ubuntu0.22.04.1)
lunar
Released (3.20231114.0ubuntu0.23.04.1)
mantic
Released (3.20231114.0ubuntu0.23.10.1)
xenial
Released (3.20231114.0ubuntu0.16.04.1+esm1)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only)
Patches:
upstream: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/commit/ece0d294a29a1375397941a4e6f2f7217910bc89

Severity score breakdown

Parameter Value
Base score 8.8
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Scope Changed
Confidentiality High
Integrity impact High
Availability impact High
Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H