Potential security vulnerabilities in some Intel® Thunderbolt™ Declarative Componentized Hardware (DCH) drivers for Windows may allow escalation of privilege, denial of service, and/or information disclosure. Intel is releasing software updates to mitigate these potential vulnerabilities.
CVEID: CVE-2023-22293
Description: Improper access control in the Intel® Thunderbolt™ DCH drivers for Windows may allow an authenticated user to potentially enable escalation of privilege via local access.
CVSS Base Score: 8.2 High
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
CVEID: CVE-2023-25777
Description: Improper access control in some Intel® Thunderbolt™ DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVSS Base Score: 7.9 High
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H
CVEID: CVE-2023-22342
Description: Improper input validation in some Intel® Thunderbolt™ DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVSS Base Score: 7.7 High
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L
CVEID: CVE-2023-25779
Description: Uncontrolled search path element in some Intel® Thunderbolt™ DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVSS Base Score: 6.7 Medium
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
CVEID: CVE-2023-24542
Description: Unquoted search path or element in some Intel® Thunderbolt™ DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVSS Base Score: 6.7 Medium
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
CVEID: CVE-2023-22390
Description: Improper buffer restrictions in some Intel® Thunderbolt™ DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable information disclosure via local access.
CVSS Base Score: 6.5 Medium
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
CVEID: CVE-2023-24481
Description: Improper access control in some Intel® Thunderbolt™ DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVSS Base Score: 6.3 Medium
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
CVEID: CVE-2023-24589
Description: Improper buffer restrictions in some Intel® Thunderbolt™ DCH drivers for Windows before version 88 may allow a privileged user to potentially enable escalation of privilege via local access.
CVSS Base Score: 6.1 Medium
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:L
CVEID: CVE-2023-22848
Description: Improper access control in some Intel® Thunderbolt™ DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable denial of service via local access.
CVSS Base Score: 5.5 Medium
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVEID: CVE-2023-25769
Description: Uncontrolled resource consumption in some Intel® Thunderbolt™ DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable denial of service via local access.
CVSS Base Score: 5.5 Medium
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVEID: CVE-2023-26585
Description: Improper access control in some Intel® Thunderbolt™ DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable denial of service via local access.
CVSS Base Score: 5.0 Medium
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
CVEID: CVE-2023-27308
Description: Improper buffer restrictions in some Intel® Thunderbolt™ DCH drivers for Windows before version 88 may allow a privileged user to potentially enable escalation of privilege via local access.
CVSS Base Score: 4.6 Medium
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:L
CVEID: CVE-2023-24463
Description: Improper input validation in some Intel® Thunderbolt™ DCH drivers for Windows before version 88 may allow an unauthenticated user to potentially enable information disclosure via adjacent access.
CVSS Base Score: 4.3 Medium
CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVEID: CVE-2023-27301
Description: Improper access control in some Intel® Thunderbolt™ DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVSS Base Score: 4.2 Medium
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N
CVEID: CVE-2023-27307
Description: Improper buffer restrictions in some Intel® Thunderbolt™ DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable information disclosure via local access.
CVSS Base Score: 3.8 Low
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
CVEID: CVE-2023-27300
Description: Improper buffer restrictions in some Intel® Thunderbolt™ DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable information disclosure via local access.
CVSS Base Score: 3.8 Low
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
CVEID: CVE-2023-26592
Description: Deserialization of untrusted data in some Intel® Thunderbolt™ DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable a denial of service via local access.
CVSS Base Score: 3.8 Low
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
CVEID: CVE-2023-27303
Description: Improper access control in some Intel® Thunderbolt™ DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable information disclosure via local access.
CVSS Base Score: 3.8 Low
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
CVEID: CVE-2023-26596
Description: Improper access control in some Intel® Thunderbolt™ DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable denial of service via local access.
CVSS Base Score: 2.5 Low
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
CVEID: CVE-2023-26591
Description: Unchecked return value in some Intel® Thunderbolt™ DCH drivers for Windows before version 88 may allow an unauthenticated user to potentially enable denial of service via physical access.
CVSS Base Score: 2.0 Low
CVSS Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
Intel® Thunderbolt™ DCH driver for Windows before version 88.
CVE-2023-22293: All 6th, 7th, 8th, or 9th Generation Intel® Core processor with Intel® Thunderbolt™ DCH driver all versions.
Intel recommends updating Intel® Thunderbolt™ DCH driver to version 88 or later.
Updates are available for download at this location:
For CVE-2023-22293: Intel recommends setting the Intel® Thunderbolt™ Security Level to SL3 or SL4 in the system BIOS menu and ensure that BIOS access is password protected.
Intel would like to thank Jean-Christophe Delaunay from @Synacktivfor reporting CVE-2023-22293. All other issues were found internally by Intel employees.
Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.