CVE-2023-27517

Improper access control in some Intel(R) Optane(TM) PMem software before versions 01.00.00.3547, 02.00.00.3915, 03.00.00.0483 may allow an athenticated user to potentially enable escalation of privilege via local access.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.6 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H
intelCNA
6.6 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 25%
VendorProductVersion
inteloptane_persistent_memory_firmware
01.00.00.3072 ≤
𝑥
< 01.00.00.3547
inteloptane_persistent_memory_firmware
02.00.00.3423 ≤
𝑥
< 02.00.00.3915
inteloptane_persistent_memory_firmware
03.00.00.0302 ≤
𝑥
< 03.00.00.0483
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
ipmctl
bullseye
no-dsa
bookworm
no-dsa
sid
03.00.00.0485-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
ipmctl
oracular
not-affected
noble
not-affected
mantic
not-affected
jammy
needs-triage
focal
needs-triage
bionic
dne
xenial
dne
trusty
dne
Common Weakness Enumeration
References
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00948.html
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00948.html