CVE-2023-27517

EUVD-2023-31279
Improper access control in some Intel(R) Optane(TM) PMem software before versions 01.00.00.3547, 02.00.00.3915, 03.00.00.0483 may allow an athenticated user to potentially enable escalation of privilege via local access.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.6 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H
intelCNA
6.6 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 17%
Affected Products (NVD)
VendorProductVersion
inteloptane_persistent_memory_firmware
01.00.00.3072 ≤
𝑥
< 01.00.00.3547
inteloptane_persistent_memory_firmware
02.00.00.3423 ≤
𝑥
< 02.00.00.3915
inteloptane_persistent_memory_firmware
03.00.00.0302 ≤
𝑥
< 03.00.00.0483
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
ipmctl
bookworm
no-dsa
bullseye
no-dsa
sid
03.00.00.0485-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
ipmctl
bionic
dne
focal
needs-triage
jammy
needs-triage
mantic
not-affected
noble
not-affected
oracular
not-affected
trusty
dne
xenial
dne
Common Weakness Enumeration
References
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00948.html
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00948.html