Potential Escalation of Privilege via Local Access in Intel(R) SGX or Intel(R) TDX
CVE-2023-32666

7.2HIGH

Key Information:

Vendor: Intel
Status: 4th Generation Intel(r) Xeon(r) Processors When Using Intel(r) Sgx Or Intel(r) Tdx
Vendor: CVE Published:; 14 March 2024

What is CVE-2023-32666?

The vulnerability allows a privileged user to exploit improper access control in the on-chip debug and test interfaces of specific 4th Generation Intel Xeon Processors. When utilizing Intel Software Guard Extensions (SGX) or Intel Trusted Execution Technology (TDX), this flaw could potentially lead to escalation of privileges through local access. This situation poses a significant security risk, highlighting the importance of monitoring and securing access to sensitive system resources.

Affected Version(s)

4th Generation Intel(R) Xeon(R) Processors when using Intel(R) SGX or Intel(R) TDX some 4th Generation Intel(R) Xeon(R) Processors when using Intel(R) SGX or Intel(R) TDX

References

https://www.intel.com/content/www/us/en/security-center/a...

https://security.netapp.com/advisory/ntap-20240405-0010/

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 14, 2024
Vulnerability Reserved
Aug 4, 2023