CVE-2023-28746

Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
intelCNA
6.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
CISA-ADPADP
---
---
CVEADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 14%
Debian logo
Debian Releases
Debian Product
Codename
intel-microcode
bullseye/non-free
3.20240813.1~deb11u1
fixed
bullseye/non-free (security)
3.20241112.1~deb11u1
fixed
bookworm/non-free-firmware
3.20240910.1~deb12u1
fixed
bookworm/non-free-firmware (security)
vulnerable
sid/non-free-firmware
3.20241112.1
fixed
trixie/non-free-firmware
3.20241112.1
fixed
linux
bullseye
5.10.223-1
fixed
bullseye (security)
5.10.226-1
fixed
bookworm
6.1.115-1
fixed
bookworm (security)
6.1.119-1
fixed
trixie
6.12.6-1
fixed
sid
6.12.6-1
fixed
xen
bullseye
vulnerable
bullseye (security)
vulnerable
bookworm
vulnerable
bookworm (security)
4.17.5+23-ga4e5191dc0-1
fixed
trixie
vulnerable
sid
4.19.1-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
intel-microcode
noble
not-affected
mantic
Fixed 3.20240514.0ubuntu0.23.10.1
released
jammy
Fixed 3.20240514.0ubuntu0.22.04.1
released
focal
Fixed 3.20240514.0ubuntu0.20.04.1
released
bionic
Fixed 3.20240514.0ubuntu0.18.04.1+esm1
released
xenial
Fixed 3.20240514.0ubuntu0.16.04.1+esm1
released
trusty
ignored
Common Weakness Enumeration
References
http://www.openwall.com/lists/oss-security/2024/03/12/13
https://lists.debian.org/debian-lts-announce/2024/05/msg00003.html
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EIUICU6CVJUIB6BPJ7P5QTPQR5VOBHFK/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H63LGAQXPEVJOES73U4XK65I6DASOAAG/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZON4TLXG7TG4A2XZG563JMVTGQW4SF3A/
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00898.html
http://www.openwall.com/lists/oss-security/2024/03/12/13
http://xenbits.xen.org/xsa/advisory-452.html
https://lists.debian.org/debian-lts-announce/2024/05/msg00003.html
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EIUICU6CVJUIB6BPJ7P5QTPQR5VOBHFK/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H63LGAQXPEVJOES73U4XK65I6DASOAAG/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZON4TLXG7TG4A2XZG563JMVTGQW4SF3A/
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00898.html