usn-6797-1
Vulnerability from osv_ubuntu
It was discovered that some 3rd and 4th Generation Intel® Xeon® Processors did not properly restrict access to certain hardware features when using Intel® SGX or Intel® TDX. This may allow a privileged local user to potentially further escalate their privileges on the system. This issue only affected Ubuntu 23.10, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, Ubuntu 18.04 LTS and Ubuntu 16.04 LTS. (CVE-2023-22655)
It was discovered that some Intel® Atom® Processors did not properly clear register state when performing various operations. A local attacker could use this to obtain sensitive information via a transient execution attack. This issue only affected Ubuntu 23.10, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, Ubuntu 18.04 LTS and Ubuntu 16.04 LTS. (CVE-2023-28746)
It was discovered that some Intel® Processors did not properly clear the state of various hardware structures when switching execution contexts. A local attacker could use this to access privileged information. This issue only affected Ubuntu 23.10, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, Ubuntu 18.04 LTS and Ubuntu 16.04 LTS. (CVE-2023-38575)
It was discovered that some Intel® Processors did not properly enforce bus lock regulator protections. A remote attacker could use this to cause a denial of service. This issue only affected Ubuntu 23.10, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, Ubuntu 18.04 LTS and Ubuntu 16.04 LTS. (CVE-2023-39368)
It was discovered that some Intel® Xeon® D Processors did not properly calculate the SGX base key when using Intel® SGX. A privileged local attacker could use this to obtain sensitive information. This issue only affected Ubuntu 23.10, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, Ubuntu 18.04 LTS and Ubuntu 16.04 LTS. (CVE-2023-43490)
It was discovered that some Intel® Processors did not properly protect against concurrent accesses. A local attacker could use this to obtain sensitive information. (CVE-2023-45733)
It was discovered that some Intel® Processors TDX module software did not properly validate input. A privileged local attacker could use this information to potentially further escalate their privileges on the system. (CVE-2023-45745, CVE-2023-47855)
It was discovered that some Intel® Core™ Ultra processors did not properly handle particular instruction sequences. A local attacker could use this issue to cause a denial of service. (CVE-2023-46103)
{
"affected": [
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2023-22655",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2023-28746",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2023-38575",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2023-39368",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2023-43490",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2023-45733",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2023-45745",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2023-46103",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2023-47855",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:Pro:16.04:LTS"
}
},
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "intel-microcode",
"binary_version": "3.20240514.0ubuntu0.16.04.1+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "intel-microcode",
"purl": "pkg:deb/ubuntu/intel-microcode@3.20240514.0ubuntu0.16.04.1+esm1?arch=source\u0026distro=esm-infra/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.20240514.0ubuntu0.16.04.1+esm1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.20150121.1",
"3.20151106.1",
"3.20170707.1~ubuntu16.04.0",
"3.20180108.0~ubuntu16.04.2",
"3.20180108.0+really20170707ubuntu16.04.1",
"3.20180312.0~ubuntu16.04.1",
"3.20180425.1~ubuntu0.16.04.1",
"3.20180425.1~ubuntu0.16.04.2",
"3.20180807a.0ubuntu0.16.04.1",
"3.20190514.0ubuntu0.16.04.1",
"3.20190514.0ubuntu0.16.04.2",
"3.20190618.0ubuntu0.16.04.1",
"3.20191112-0ubuntu0.16.04.2",
"3.20191115.1ubuntu0.16.04.1",
"3.20191115.1ubuntu0.16.04.2",
"3.20200609.0ubuntu0.16.04.0",
"3.20200609.0ubuntu0.16.04.1",
"3.20201110.0ubuntu0.16.04.1",
"3.20201110.0ubuntu0.16.04.2",
"3.20210216.0ubuntu0.16.04.1",
"3.20210608.0ubuntu0.16.04.1+esm1",
"3.20220510.0ubuntu0.16.04.1+esm1",
"3.20230214.0ubuntu0.16.04.1+esm1",
"3.20230808.0ubuntu0.16.04.1+esm1",
"3.20231114.0ubuntu0.16.04.1+esm1"
]
},
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2023-22655",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2023-28746",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2023-38575",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2023-39368",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2023-43490",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2023-45733",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2023-45745",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2023-46103",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2023-47855",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:Pro:18.04:LTS"
}
},
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "intel-microcode",
"binary_version": "3.20240514.0ubuntu0.18.04.1+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "intel-microcode",
"purl": "pkg:deb/ubuntu/intel-microcode@3.20240514.0ubuntu0.18.04.1+esm1?arch=source\u0026distro=esm-infra/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.20240514.0ubuntu0.18.04.1+esm1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.20170707.1",
"3.20171117.1",
"3.20180108.1",
"3.20180108.1+really20171117.1",
"3.20180312.0~ubuntu18.04.1",
"3.20180425.1~ubuntu0.18.04.1",
"3.20180425.1~ubuntu0.18.04.2",
"3.20180807a.0ubuntu0.18.04.1",
"3.20190514.0ubuntu0.18.04.2",
"3.20190514.0ubuntu0.18.04.3",
"3.20190618.0ubuntu0.18.04.1",
"3.20191112-0ubuntu0.18.04.2",
"3.20191115.1ubuntu0.18.04.1",
"3.20191115.1ubuntu0.18.04.2",
"3.20200609.0ubuntu0.18.04.0",
"3.20200609.0ubuntu0.18.04.1",
"3.20201110.0ubuntu0.18.04.1",
"3.20201110.0ubuntu0.18.04.2",
"3.20210216.0ubuntu0.18.04.1",
"3.20210608.0ubuntu0.18.04.1",
"3.20220510.0ubuntu0.18.04.1",
"3.20220809.0ubuntu0.18.04.1",
"3.20230214.0ubuntu0.18.04.1",
"3.20230808.0ubuntu0.18.04.1+esm1",
"3.20231114.0ubuntu0.18.04.1+esm1"
]
},
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2023-22655",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2023-28746",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2023-38575",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2023-39368",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2023-43490",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2023-45733",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2023-45745",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2023-46103",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2023-47855",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:20.04:LTS"
}
},
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "intel-microcode",
"binary_version": "3.20240514.0ubuntu0.20.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "intel-microcode",
"purl": "pkg:deb/ubuntu/intel-microcode@3.20240514.0ubuntu0.20.04.1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.20240514.0ubuntu0.20.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.20190918.1ubuntu1",
"3.20191115.1ubuntu1",
"3.20191115.1ubuntu2",
"3.20191115.1ubuntu3",
"3.20200609.0ubuntu0.20.04.0",
"3.20200609.0ubuntu0.20.04.1",
"3.20200609.0ubuntu0.20.04.2",
"3.20201110.0ubuntu0.20.04.1",
"3.20201110.0ubuntu0.20.04.2",
"3.20210216.0ubuntu0.20.04.1",
"3.20210608.0ubuntu0.20.04.1",
"3.20220510.0ubuntu0.20.04.1",
"3.20220809.0ubuntu0.20.04.1",
"3.20230214.0ubuntu0.20.04.1",
"3.20230808.0ubuntu0.20.04.1",
"3.20231114.0ubuntu0.20.04.1"
]
},
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2023-22655",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2023-28746",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2023-38575",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2023-39368",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2023-43490",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2023-45733",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2023-45745",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2023-46103",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2023-47855",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:22.04:LTS"
}
},
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "intel-microcode",
"binary_version": "3.20240514.0ubuntu0.22.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "intel-microcode",
"purl": "pkg:deb/ubuntu/intel-microcode@3.20240514.0ubuntu0.22.04.1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.20240514.0ubuntu0.22.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.20210608.2ubuntu1",
"3.20220510.0ubuntu0.22.04.1",
"3.20220809.0ubuntu0.22.04.1",
"3.20230214.0ubuntu0.22.04.1",
"3.20230808.0ubuntu0.22.04.1",
"3.20231114.0ubuntu0.22.04.1"
]
},
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2023-45733",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2023-45745",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2023-46103",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2023-47855",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:24.04:LTS"
}
},
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "intel-microcode",
"binary_version": "3.20240514.0ubuntu0.24.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "intel-microcode",
"purl": "pkg:deb/ubuntu/intel-microcode@3.20240514.0ubuntu0.24.04.1?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.20240514.0ubuntu0.24.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.20230808.1",
"3.20231114.0ubuntu1",
"3.20231114.1",
"3.20240312.1",
"3.20240312.1build1"
]
}
],
"aliases": [],
"details": "It was discovered that some 3rd and 4th Generation Intel\u00ae Xeon\u00ae Processors\ndid not properly restrict access to certain hardware features when using\nIntel\u00ae SGX or Intel\u00ae TDX. This may allow a privileged local user to\npotentially further escalate their privileges on the system. This issue only\naffected Ubuntu 23.10, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, Ubuntu 18.04 LTS and\nUbuntu 16.04 LTS. (CVE-2023-22655)\n\nIt was discovered that some Intel\u00ae Atom\u00ae Processors did not properly clear\nregister state when performing various operations. A local attacker could\nuse this to obtain sensitive information via a transient execution attack.\nThis issue only affected Ubuntu 23.10, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS,\nUbuntu 18.04 LTS and Ubuntu 16.04 LTS. (CVE-2023-28746)\n\nIt was discovered that some Intel\u00ae Processors did not properly clear the\nstate of various hardware structures when switching execution contexts. A\nlocal attacker could use this to access privileged information. This issue only\naffected Ubuntu 23.10, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, Ubuntu 18.04 LTS and\nUbuntu 16.04 LTS. (CVE-2023-38575)\n\nIt was discovered that some Intel\u00ae Processors did not properly enforce bus\nlock regulator protections. A remote attacker could use this to cause a\ndenial of service. This issue only affected Ubuntu 23.10, Ubuntu 22.04 LTS,\nUbuntu 20.04 LTS, Ubuntu 18.04 LTS and Ubuntu 16.04 LTS. (CVE-2023-39368)\n\nIt was discovered that some Intel\u00ae Xeon\u00ae D Processors did not properly\ncalculate the SGX base key when using Intel\u00ae SGX. A privileged local\nattacker could use this to obtain sensitive information. This issue only\naffected Ubuntu 23.10, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, Ubuntu 18.04 LTS and\nUbuntu 16.04 LTS. (CVE-2023-43490)\n\nIt was discovered that some Intel\u00ae Processors did not properly protect against\nconcurrent accesses. A local attacker could use this to obtain sensitive\ninformation. (CVE-2023-45733)\n\nIt was discovered that some Intel\u00ae Processors TDX module software did not\nproperly validate input. A privileged local attacker could use this information\nto potentially further escalate their privileges on the system.\n(CVE-2023-45745, CVE-2023-47855)\n\nIt was discovered that some Intel\u00ae Core\u2122 Ultra processors did not properly\nhandle particular instruction sequences. A local attacker could use this\nissue to cause a denial of service. (CVE-2023-46103)\n",
"id": "USN-6797-1",
"modified": "2026-06-25T10:46:21Z",
"published": "2024-05-29T07:13:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-6797-1"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2023-22655"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2023-28746"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2023-38575"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2023-39368"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2023-43490"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2023-45733"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2023-45745"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2023-46103"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2023-47855"
}
],
"related": [],
"schema_version": "1.7.0",
"summary": "intel-microcode vulnerabilities",
"upstream": [
"UBUNTU-CVE-2023-22655",
"UBUNTU-CVE-2023-28746",
"UBUNTU-CVE-2023-38575",
"UBUNTU-CVE-2023-39368",
"UBUNTU-CVE-2023-43490",
"UBUNTU-CVE-2023-45733",
"UBUNTU-CVE-2023-45745",
"UBUNTU-CVE-2023-46103",
"UBUNTU-CVE-2023-47855"
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.