Early Access — Mondoo Vulnerability Intelligence is currently in preview.

UBUNTU-CVE-2023-23908 | Mondoo Vulnerability Intelligence

UBUNTU-CVE-2023-23908

MEDIUM6.0

Improper access control in some 3rd Generation Intel(R) Xeon(R) Scalable processors may allow a privileged user to potentially enable information disclosure via local access.

Published Aug 8, 2023

Modified 7 months ago

Fix available

Details

Improper access control in some 3rd Generation Intel(R) Xeon(R) Scalable processors may allow a privileged user to potentially enable information disclosure via local access.

Affected Packages

Ubuntu:Pro:14.04:LTSintel-microcode

Affected versions:

1.20130906.1ubuntu21.20130906.1ubuntu32.20140122.12.20140430.1ubuntu12.20140624-t-1ubuntu23.20180108.0+really20170707ubuntu14.04.13.20180108.0~ubuntu14.04.23.20180312.0~ubuntu14.04.13.20180425.1~ubuntu0.14.04.13.20180425.1~ubuntu0.14.04.2+12 more

Ubuntu:Pro:16.04:LTSintel-microcode

Affected versions:

3.20150121.13.20151106.13.20170707.1~ubuntu16.04.03.20180108.0+really20170707ubuntu16.04.13.20180108.0~ubuntu16.04.23.20180312.0~ubuntu16.04.13.20180425.1~ubuntu0.16.04.13.20180425.1~ubuntu0.16.04.23.20180807a.0ubuntu0.16.04.13.20190514.0ubuntu0.16.04.1+13 more

Fixed in:

3.20230808.0ubuntu0.16.04.1+esm1

Ubuntu:Pro:18.04:LTSintel-microcode

Affected versions:

3.20170707.13.20171117.13.20180108.13.20180108.1+really20171117.13.20180312.0~ubuntu18.04.13.20180425.1~ubuntu0.18.04.13.20180425.1~ubuntu0.18.04.23.20180807a.0ubuntu0.18.04.13.20190514.0ubuntu0.18.04.23.20190514.0ubuntu0.18.04.3+13 more

Fixed in:

3.20230808.0ubuntu0.18.04.1+esm1

Ubuntu:20.04:LTSintel-microcode

Affected versions:

3.20190918.1ubuntu13.20191115.1ubuntu13.20191115.1ubuntu23.20191115.1ubuntu33.20200609.0ubuntu0.20.04.03.20200609.0ubuntu0.20.04.13.20200609.0ubuntu0.20.04.23.20201110.0ubuntu0.20.04.13.20201110.0ubuntu0.20.04.23.20210216.0ubuntu0.20.04.1+4 more

Fixed in:

3.20230808.0ubuntu0.20.04.1

Ubuntu:22.04:LTSintel-microcode

Affected versions:

3.20210608.2ubuntu13.20220510.0ubuntu0.22.04.13.20220809.0ubuntu0.22.04.13.20230214.0ubuntu0.22.04.1

Fixed in:

3.20230808.0ubuntu0.22.04.1

Ubuntu:24.04:LTSintel-microcode

Fixed in:

3.20230808.1

Ubuntu:14.04:LTSintel-microcode

Affected versions:

Ubuntu:16.04:LTSintel-microcode

Affected versions:

Ubuntu:18.04:LTSintel-microcode

Affected versions:

References

REPORThttps://ubuntu.com/security/CVE-2023-23908 REPORThttps://ubuntu.com/security/notices/USN-6286-1 REPORThttps://www.cve.org/CVERecord?id=CVE-2023-23908 REPORThttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00836.html

CVSS Analysis

CVSS v3.1

6.0

Exploitability

Attack Vector

LocalAV:L

Attack Complexity

LowAC:L

Privileges Required

HighPR:H

User Interaction

NoneUI:N

Scope

ChangedS:C

Impact

Confidentiality

HighC:H

Integrity

NoneI:N

Availability

NoneA:N

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

CVE-2023-23908 USN-6286-1

Ecosystems

Ubuntu Pro 14.04 LTS Ubuntu Pro 16.04 LTS Ubuntu Pro 18.04 LTS Ubuntu 20.04 LTS Ubuntu 22.04 LTS Ubuntu 24.04 LTS Ubuntu 14.04 LTS Ubuntu 16.04 LTS Ubuntu 18.04 LTS

Timeline

PublishedAug 8, 2023

ModifiedJun 2, 2025

UBUNTU-CVE-2023-23908

Details

Affected Packages

References

CVSS Analysis

Related

Ecosystems

Timeline