A potential security vulnerability in some Intel® Processors may allow escalation of privilege and/or information disclosure and/or denial of service via local access. Intel is releasing firmware updates to mitigate this potential vulnerability.
CVEID: CVE-2023-23583
Description: A sequence of processor instructions that leads to unexpected behavior on some Intel® Processors may allow an authenticated user to potentially enable escalation of privilege and/or information disclosure and/or denial of service via local access.
CVSS Base Score: 8.8 High
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Products with new microcode update:
Product Collection | Vertical Segment | CPU ID | Platform ID
---|---|---|---
10th Generation Intel® Core™ Processor Family | Mobile | 706E5 | 80
3rd Generation Intel® Xeon® Processor Scalable Family | Server | 606A6 | 87
Intel® Xeon® D Processor | Server | 606C1 | 10
11th Generation Intel® Core Processor Family | Desktop<br>Embedded | A0671 | 02
11th Generation Intel® Core Processor Family | Mobile<br>Embedded | 806C1<br>806C2<br>806D1 | 80<br>C2<br>C2
Intel® Server Processor | Server<br>Embedded | A0671 | 02
The following products have already been mitigated:
Product Collection | Vertical Segment | CPU ID | Platform ID | Mitigated Microcode Version
---|---|---|---|---
12th Generation Intel® Core™ Processor Family | Mobile | 906A4 | 80 | 0x2b
4th Generation Intel® Xeon® Processor Scalable Family | Server | 806F8 | 87 | 0x2B000461
13th Generation Intel® Core™ Processor Family | Desktop | B0671 | 01 | 0x410E
For an exhaustive list of processors please visit:
<https://www.intel.com/content/www/us/en/developer/topic-technology/software-security-guidance/processors-affected-consolidated-product-cpu-model.html>
Intel recommends that users of listed Intel® Processors update to the latest versions provided by the system manufacturer that address these issues.
Please refer to the technical paper here for additional information.
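To check a Linux host against the two tables above, the following added example (not Intel's code) rebuilds the CPU ID from the family, model and stepping fields of `/proc/cpuinfo` and compares it, along with the running microcode revision, to the listed values. It assumes that a revision equal to or higher than the listed "Mitigated Microcode Version" carries the mitigation, and it does not check Platform ID; the function names and the sample stanza are constructed for illustration.

```python
import os

# CPU IDs and revisions copied from the advisory's two tables.
NEEDS_UPDATE = {0x706E5, 0x606A6, 0x606C1, 0xA0671, 0x806C1, 0x806C2, 0x806D1}
ALREADY_MITIGATED = {0x906A4: 0x2B, 0x806F8: 0x2B000461, 0xB0671: 0x410E}

# Constructed sample stanza (not captured from a real machine).
SAMPLE = """processor\t: 0
vendor_id\t: GenuineIntel
cpu family\t: 6
model\t\t: 140
stepping\t: 1
microcode\t: 0xa4
"""

def parse_cpuinfo(text):
    """Return the key/value fields of the first processor stanza."""
    stanza = text.strip().split("\n\n")[0]
    return {k.strip(): v.strip() for k, _, v in
            (line.partition(":") for line in stanza.splitlines())}

def cpuid_signature(family, model, stepping):
    """Rebuild the CPUID leaf 1 EAX signature from Linux's display values."""
    base_family = min(family, 0xF)
    ext_family = family - base_family
    ext_model = model >> 4 if family == 6 or family >= 0xF else 0
    return (ext_family << 20 | ext_model << 16 | base_family << 8
            | (model & 0xF) << 4 | stepping & 0xF)

def assess(text):
    """Classify one /proc/cpuinfo text against the advisory's tables."""
    f = parse_cpuinfo(text)
    if f.get("vendor_id") != "GenuineIntel":
        return "not-intel"
    sig = cpuid_signature(int(f["cpu family"]), int(f["model"]), int(f["stepping"]))
    if sig in NEEDS_UPDATE:
        return "listed-needs-vendor-update"  # page gives no target revision
    if sig in ALREADY_MITIGATED:
        # Assumption: a revision >= the listed one carries the mitigation.
        ok = int(f.get("microcode", "0"), 16) >= ALREADY_MITIGATED[sig]
        return "mitigated" if ok else "listed-below-mitigated-revision"
    return "not-in-these-tables"

if __name__ == "__main__":
    have = os.path.exists("/proc/cpuinfo")
    print(assess(open("/proc/cpuinfo").read() if have else SAMPLE))
```

A result of `not-in-these-tables` only means the CPU ID is absent from this page's tables; the exhaustive list linked above remains the reference.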
Intel would like to thank Intel employees: Benoit Morgan, Paul Grosen, Thais Moreira Hamasaki, Ke Sun, Alyssa Milburn, Hisham Shafi, and Nir Shlomovich for finding this issue internally.
Intel would like to thank Google Employees: Tavis Ormandy, Daniel Moghimi, Josh Eads, Salman Qazi, Alexandra Sandulescu, Andy Nguyen, Eduardo Vela, Doug Kwan, and Kostik Shtoyk for also reporting this issue.
Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.