CVE-2023-28746

EUVD-2023-32384
Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
intelCNA
6.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 15%
Windows Releases
Platform
Version
Windows 10
(x64, x86)
KB5035858
1607 (x64, x86)
KB5035855
1809 (x64, x86)
KB5035849
21H2 (x64, x86)
KB5035845
22H2 (x64, x86)
KB5035845
Windows 11
21H2 (x64)
KB5035854
22H2 (x64)
KB5035853
23H2 (x64)
KB5035853
Windows Server 2008
Service Pack 2 (x64)
KB5035933
Service Pack 2 Server Core (x64)
KB5035933
Windows Server 2008 R2
Service Pack 1 (x64)
KB5035919
Service Pack 1 Server Core (x64)
KB5035919
Windows Server 2012
Server Core
KB5035930
Standard
KB5035930
Windows Server 2012 R2
Server Core
KB5035885
Standard
KB5035885
Windows Server 2016
Server Core
KB5035855
Standard
KB5035855
Windows Server 2019
Server Core
KB5035849
Standard
KB5035849
Windows Server 2022
23H2 Server Core
KB5035856
Server Core
KB5035857
Standard
KB5035857
Debian logo
Debian Releases
Debian Product
Codename
intel-microcode
bookworm/non-free-firmware
3.20240910.1~deb12u1
fixed
bookworm/non-free-firmware (security)
vulnerable
bullseye/non-free
3.20240813.1~deb11u1
fixed
bullseye/non-free (security)
3.20241112.1~deb11u1
fixed
sid/non-free-firmware
3.20241112.1
fixed
trixie/non-free-firmware
3.20241112.1
fixed
linux
bookworm
6.1.115-1
fixed
bookworm (security)
6.1.119-1
fixed
bullseye
5.10.223-1
fixed
bullseye (security)
5.10.226-1
fixed
sid
6.12.6-1
fixed
trixie
6.12.6-1
fixed
xen
bookworm
vulnerable
bookworm (security)
4.17.5+23-ga4e5191dc0-1
fixed
bullseye
vulnerable
bullseye (security)
vulnerable
sid
4.19.1-1
fixed
trixie
vulnerable
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
intel-microcode
bionic
Fixed 3.20240514.0ubuntu0.18.04.1+esm1
released
focal
Fixed 3.20240514.0ubuntu0.20.04.1
released
jammy
Fixed 3.20240514.0ubuntu0.22.04.1
released
mantic
Fixed 3.20240514.0ubuntu0.23.10.1
released
noble
not-affected
trusty
ignored
xenial
Fixed 3.20240514.0ubuntu0.16.04.1+esm1
released
Common Weakness Enumeration
References
http://www.openwall.com/lists/oss-security/2024/03/12/13
https://lists.debian.org/debian-lts-announce/2024/05/msg00003.html
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EIUICU6CVJUIB6BPJ7P5QTPQR5VOBHFK/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H63LGAQXPEVJOES73U4XK65I6DASOAAG/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZON4TLXG7TG4A2XZG563JMVTGQW4SF3A/
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00898.html
http://www.openwall.com/lists/oss-security/2024/03/12/13
http://xenbits.xen.org/xsa/advisory-452.html
https://lists.debian.org/debian-lts-announce/2024/05/msg00003.html
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EIUICU6CVJUIB6BPJ7P5QTPQR5VOBHFK/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H63LGAQXPEVJOES73U4XK65I6DASOAAG/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZON4TLXG7TG4A2XZG563JMVTGQW4SF3A/
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00898.html