CVE-2023-28736 (GCVE-0-2023-28736)
Vulnerability from cvelistv5
- escalation of privilege
- CWE-120 - Buffer overflow
Vendor | Product | Version
---|---|---
n/a | Intel(R) SSD Tools software | before version mdadm-4.2-rc2
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T13:51:37.032Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00690.html", "tags": [ "x_transferred" ], "url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00690.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-28736", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-01T20:24:05.925264Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-01T20:31:29.903Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Intel(R) SSD Tools software", "vendor": "n/a", "versions": [ { "status": "affected", "version": "before version mdadm-4.2-rc2" } ] } ], "descriptions": [ { "lang": "en", "value": "Buffer overflow in some Intel(R) SSD Tools software before version mdadm-4.2-rc2 may allow a privileged user to potentially enable escalation of privilege via local access." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "escalation of privilege", "lang": "en" }, { "cweId": "CWE-120", "description": "Buffer overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-08-11T02:36:51.218Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "name": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00690.html", "url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00690.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2023-28736", "datePublished": "2023-08-11T02:36:51.218Z", "dateReserved": "2023-04-01T03:00:04.501Z", "dateUpdated": "2024-10-01T20:31:29.903Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "vulnerability-lookup:meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2023-28736\",\"sourceIdentifier\":\"secure@intel.com\",\"published\":\"2023-08-11T03:15:25.950\",\"lastModified\":\"2024-11-21T07:55:53.890\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Buffer overflow in some Intel(R) SSD Tools software before version mdadm-4.2-rc2 may allow a privileged user to potentially enable escalation of privilege via local 
access.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secure@intel.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L\",\"baseScore\":5.7,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":1.5,\"impactScore\":3.7},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":6.7,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":0.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"secure@intel.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-120\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-120\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mdadm_project:mdadm:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.2\",\"matchCriteriaId\":\"57006DDC-FD21-43BC-9DE8-6E03993FAB65\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mdadm_project:mdadm:4.2:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"2D9C5AB9-778F-4A22-91E2-04A124833A49\"}]}]}],\"references\":[{\"url\":\"http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00690.html\",\"source\":\"secure@intel.com\",\"tags\":[\"Vendor 
Advisory\"]},{\"url\":\"http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00690.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}", "vulnrichment": { "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00690.html\", \"name\": \"http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00690.html\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T13:51:37.032Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-28736\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-01T20:24:05.925264Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-01T20:31:25.253Z\"}}], \"cna\": {\"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 5.7, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"LOW\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"n/a\", \"product\": \"Intel(R) SSD Tools software\", \"versions\": [{\"status\": \"affected\", \"version\": \"before version mdadm-4.2-rc2\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": 
\"http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00690.html\", \"name\": \"http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00690.html\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Buffer overflow in some Intel(R) SSD Tools software before version mdadm-4.2-rc2 may allow a privileged user to potentially enable escalation of privilege via local access.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"escalation of privilege\"}, {\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-120\", \"description\": \"Buffer overflow\"}]}], \"providerMetadata\": {\"orgId\": \"6dda929c-bb53-4a77-a76d-48e79601a1ce\", \"shortName\": \"intel\", \"dateUpdated\": \"2023-08-11T02:36:51.218Z\"}}}", "cveMetadata": "{\"cveId\": \"CVE-2023-28736\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-10-01T20:31:29.903Z\", \"dateReserved\": \"2023-04-01T03:00:04.501Z\", \"assignerOrgId\": \"6dda929c-bb53-4a77-a76d-48e79601a1ce\", \"datePublished\": \"2023-08-11T02:36:51.218Z\", \"assignerShortName\": \"intel\"}", "dataType": "CVE_RECORD", "dataVersion": "5.1" } } }
suse-su-2023:3953-1
Vulnerability from csaf_suse
Notes
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Security update for mdadm", "title": "Title of the patch" }, { "category": "description", "text": "This update for mdadm fixes the following issues:\n\n- CVE-2023-28736: Fixed a buffer overflow (bsc#1214244).\n- CVE-2023-28938: Fixed uncontrolled resource consumption (bsc#1214245).\n", "title": "Description of the patch" }, { "category": "details", "text": "SUSE-2023-3953,SUSE-SLE-Micro-5.3-2023-3953,SUSE-SLE-Micro-5.4-2023-3953,SUSE-SLE-Module-Basesystem-15-SP4-2023-3953,SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3953,SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3953,SUSE-SUSE-MicroOS-5.1-2023-3953,SUSE-SUSE-MicroOS-5.2-2023-3953,openSUSE-SLE-15.4-2023-3953", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_3953-1.json" }, { "category": "self", "summary": "URL for SUSE-SU-2023:3953-1", "url": "https://www.suse.com/support/update/announcement/2023/suse-su-20233953-1/" }, { "category": "self", "summary": "E-Mail link for SUSE-SU-2023:3953-1", "url": 
"https://lists.suse.com/pipermail/sle-security-updates/2023-October/016488.html" }, { "category": "self", "summary": "SUSE Bug 1214244", "url": "https://bugzilla.suse.com/1214244" }, { "category": "self", "summary": "SUSE Bug 1214245", "url": "https://bugzilla.suse.com/1214245" }, { "category": "self", "summary": "SUSE CVE CVE-2023-28736 page", "url": "https://www.suse.com/security/cve/CVE-2023-28736/" }, { "category": "self", "summary": "SUSE CVE CVE-2023-28938 page", "url": "https://www.suse.com/security/cve/CVE-2023-28938/" } ], "title": "Security update for mdadm", "tracking": { "current_release_date": "2023-10-03T18:08:42Z", "generator": { "date": "2023-10-03T18:08:42Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "SUSE-SU-2023:3953-1", "initial_release_date": "2023-10-03T18:08:42Z", "revision_history": [ { "date": "2023-10-03T18:08:42Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "mdadm-4.1-150300.24.33.1.aarch64", "product": { "name": "mdadm-4.1-150300.24.33.1.aarch64", "product_id": "mdadm-4.1-150300.24.33.1.aarch64" } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "mdadm-4.1-150300.24.33.1.i586", "product": { "name": "mdadm-4.1-150300.24.33.1.i586", "product_id": "mdadm-4.1-150300.24.33.1.i586" } } ], "category": "architecture", "name": "i586" }, { "branches": [ { "category": "product_version", "name": "mdadm-4.1-150300.24.33.1.ppc64le", "product": { "name": "mdadm-4.1-150300.24.33.1.ppc64le", "product_id": "mdadm-4.1-150300.24.33.1.ppc64le" } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "mdadm-4.1-150300.24.33.1.s390x", "product": { "name": "mdadm-4.1-150300.24.33.1.s390x", "product_id": "mdadm-4.1-150300.24.33.1.s390x" } } ], "category": 
"architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "mdadm-4.1-150300.24.33.1.x86_64", "product": { "name": "mdadm-4.1-150300.24.33.1.x86_64", "product_id": "mdadm-4.1-150300.24.33.1.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux Enterprise Micro 5.3", "product": { "name": "SUSE Linux Enterprise Micro 5.3", "product_id": "SUSE Linux Enterprise Micro 5.3", "product_identification_helper": { "cpe": "cpe:/o:suse:sle-micro:5.3" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Micro 5.4", "product": { "name": "SUSE Linux Enterprise Micro 5.4", "product_id": "SUSE Linux Enterprise Micro 5.4", "product_identification_helper": { "cpe": "cpe:/o:suse:sle-micro:5.4" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Module for Basesystem 15 SP4", "product": { "name": "SUSE Linux Enterprise Module for Basesystem 15 SP4", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP4", "product_identification_helper": { "cpe": "cpe:/o:suse:sle-module-basesystem:15:sp4" } } }, { "category": "product_name", "name": "SUSE Manager Proxy 4.2", "product": { "name": "SUSE Manager Proxy 4.2", "product_id": "SUSE Manager Proxy 4.2", "product_identification_helper": { "cpe": "cpe:/o:suse:suse-manager-proxy:4.2" } } }, { "category": "product_name", "name": "SUSE Manager Server 4.2", "product": { "name": "SUSE Manager Server 4.2", "product_id": "SUSE Manager Server 4.2", "product_identification_helper": { "cpe": "cpe:/o:suse:suse-manager-server:4.2" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Micro 5.1", "product": { "name": "SUSE Linux Enterprise Micro 5.1", "product_id": "SUSE Linux Enterprise Micro 5.1", "product_identification_helper": { "cpe": "cpe:/o:suse:suse-microos:5.1" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Micro 5.2", "product": { "name": "SUSE Linux Enterprise Micro 
5.2", "product_id": "SUSE Linux Enterprise Micro 5.2", "product_identification_helper": { "cpe": "cpe:/o:suse:suse-microos:5.2" } } }, { "category": "product_name", "name": "openSUSE Leap 15.4", "product": { "name": "openSUSE Leap 15.4", "product_id": "openSUSE Leap 15.4", "product_identification_helper": { "cpe": "cpe:/o:opensuse:leap:15.4" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "mdadm-4.1-150300.24.33.1.aarch64 as component of SUSE Linux Enterprise Micro 5.3", "product_id": "SUSE Linux Enterprise Micro 5.3:mdadm-4.1-150300.24.33.1.aarch64" }, "product_reference": "mdadm-4.1-150300.24.33.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3" }, { "category": "default_component_of", "full_product_name": { "name": "mdadm-4.1-150300.24.33.1.s390x as component of SUSE Linux Enterprise Micro 5.3", "product_id": "SUSE Linux Enterprise Micro 5.3:mdadm-4.1-150300.24.33.1.s390x" }, "product_reference": "mdadm-4.1-150300.24.33.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3" }, { "category": "default_component_of", "full_product_name": { "name": "mdadm-4.1-150300.24.33.1.x86_64 as component of SUSE Linux Enterprise Micro 5.3", "product_id": "SUSE Linux Enterprise Micro 5.3:mdadm-4.1-150300.24.33.1.x86_64" }, "product_reference": "mdadm-4.1-150300.24.33.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3" }, { "category": "default_component_of", "full_product_name": { "name": "mdadm-4.1-150300.24.33.1.aarch64 as component of SUSE Linux Enterprise Micro 5.4", "product_id": "SUSE Linux Enterprise Micro 5.4:mdadm-4.1-150300.24.33.1.aarch64" }, "product_reference": "mdadm-4.1-150300.24.33.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4" }, { "category": "default_component_of", "full_product_name": { "name": 
"mdadm-4.1-150300.24.33.1.s390x as component of SUSE Linux Enterprise Micro 5.4", "product_id": "SUSE Linux Enterprise Micro 5.4:mdadm-4.1-150300.24.33.1.s390x" }, "product_reference": "mdadm-4.1-150300.24.33.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4" }, { "category": "default_component_of", "full_product_name": { "name": "mdadm-4.1-150300.24.33.1.x86_64 as component of SUSE Linux Enterprise Micro 5.4", "product_id": "SUSE Linux Enterprise Micro 5.4:mdadm-4.1-150300.24.33.1.x86_64" }, "product_reference": "mdadm-4.1-150300.24.33.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4" }, { "category": "default_component_of", "full_product_name": { "name": "mdadm-4.1-150300.24.33.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP4", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP4:mdadm-4.1-150300.24.33.1.aarch64" }, "product_reference": "mdadm-4.1-150300.24.33.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "mdadm-4.1-150300.24.33.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP4", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP4:mdadm-4.1-150300.24.33.1.ppc64le" }, "product_reference": "mdadm-4.1-150300.24.33.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "mdadm-4.1-150300.24.33.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP4", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP4:mdadm-4.1-150300.24.33.1.s390x" }, "product_reference": "mdadm-4.1-150300.24.33.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP4" }, { "category": "default_component_of", "full_product_name": { "name": 
"mdadm-4.1-150300.24.33.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP4", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP4:mdadm-4.1-150300.24.33.1.x86_64" }, "product_reference": "mdadm-4.1-150300.24.33.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "mdadm-4.1-150300.24.33.1.x86_64 as component of SUSE Manager Proxy 4.2", "product_id": "SUSE Manager Proxy 4.2:mdadm-4.1-150300.24.33.1.x86_64" }, "product_reference": "mdadm-4.1-150300.24.33.1.x86_64", "relates_to_product_reference": "SUSE Manager Proxy 4.2" }, { "category": "default_component_of", "full_product_name": { "name": "mdadm-4.1-150300.24.33.1.ppc64le as component of SUSE Manager Server 4.2", "product_id": "SUSE Manager Server 4.2:mdadm-4.1-150300.24.33.1.ppc64le" }, "product_reference": "mdadm-4.1-150300.24.33.1.ppc64le", "relates_to_product_reference": "SUSE Manager Server 4.2" }, { "category": "default_component_of", "full_product_name": { "name": "mdadm-4.1-150300.24.33.1.s390x as component of SUSE Manager Server 4.2", "product_id": "SUSE Manager Server 4.2:mdadm-4.1-150300.24.33.1.s390x" }, "product_reference": "mdadm-4.1-150300.24.33.1.s390x", "relates_to_product_reference": "SUSE Manager Server 4.2" }, { "category": "default_component_of", "full_product_name": { "name": "mdadm-4.1-150300.24.33.1.x86_64 as component of SUSE Manager Server 4.2", "product_id": "SUSE Manager Server 4.2:mdadm-4.1-150300.24.33.1.x86_64" }, "product_reference": "mdadm-4.1-150300.24.33.1.x86_64", "relates_to_product_reference": "SUSE Manager Server 4.2" }, { "category": "default_component_of", "full_product_name": { "name": "mdadm-4.1-150300.24.33.1.aarch64 as component of SUSE Linux Enterprise Micro 5.1", "product_id": "SUSE Linux Enterprise Micro 5.1:mdadm-4.1-150300.24.33.1.aarch64" }, "product_reference": "mdadm-4.1-150300.24.33.1.aarch64", 
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1" }, { "category": "default_component_of", "full_product_name": { "name": "mdadm-4.1-150300.24.33.1.s390x as component of SUSE Linux Enterprise Micro 5.1", "product_id": "SUSE Linux Enterprise Micro 5.1:mdadm-4.1-150300.24.33.1.s390x" }, "product_reference": "mdadm-4.1-150300.24.33.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1" }, { "category": "default_component_of", "full_product_name": { "name": "mdadm-4.1-150300.24.33.1.x86_64 as component of SUSE Linux Enterprise Micro 5.1", "product_id": "SUSE Linux Enterprise Micro 5.1:mdadm-4.1-150300.24.33.1.x86_64" }, "product_reference": "mdadm-4.1-150300.24.33.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1" }, { "category": "default_component_of", "full_product_name": { "name": "mdadm-4.1-150300.24.33.1.aarch64 as component of SUSE Linux Enterprise Micro 5.2", "product_id": "SUSE Linux Enterprise Micro 5.2:mdadm-4.1-150300.24.33.1.aarch64" }, "product_reference": "mdadm-4.1-150300.24.33.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2" }, { "category": "default_component_of", "full_product_name": { "name": "mdadm-4.1-150300.24.33.1.s390x as component of SUSE Linux Enterprise Micro 5.2", "product_id": "SUSE Linux Enterprise Micro 5.2:mdadm-4.1-150300.24.33.1.s390x" }, "product_reference": "mdadm-4.1-150300.24.33.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2" }, { "category": "default_component_of", "full_product_name": { "name": "mdadm-4.1-150300.24.33.1.x86_64 as component of SUSE Linux Enterprise Micro 5.2", "product_id": "SUSE Linux Enterprise Micro 5.2:mdadm-4.1-150300.24.33.1.x86_64" }, "product_reference": "mdadm-4.1-150300.24.33.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2" }, { "category": "default_component_of", "full_product_name": { "name": "mdadm-4.1-150300.24.33.1.aarch64 as component of openSUSE Leap 
15.4", "product_id": "openSUSE Leap 15.4:mdadm-4.1-150300.24.33.1.aarch64" }, "product_reference": "mdadm-4.1-150300.24.33.1.aarch64", "relates_to_product_reference": "openSUSE Leap 15.4" }, { "category": "default_component_of", "full_product_name": { "name": "mdadm-4.1-150300.24.33.1.ppc64le as component of openSUSE Leap 15.4", "product_id": "openSUSE Leap 15.4:mdadm-4.1-150300.24.33.1.ppc64le" }, "product_reference": "mdadm-4.1-150300.24.33.1.ppc64le", "relates_to_product_reference": "openSUSE Leap 15.4" }, { "category": "default_component_of", "full_product_name": { "name": "mdadm-4.1-150300.24.33.1.s390x as component of openSUSE Leap 15.4", "product_id": "openSUSE Leap 15.4:mdadm-4.1-150300.24.33.1.s390x" }, "product_reference": "mdadm-4.1-150300.24.33.1.s390x", "relates_to_product_reference": "openSUSE Leap 15.4" }, { "category": "default_component_of", "full_product_name": { "name": "mdadm-4.1-150300.24.33.1.x86_64 as component of openSUSE Leap 15.4", "product_id": "openSUSE Leap 15.4:mdadm-4.1-150300.24.33.1.x86_64" }, "product_reference": "mdadm-4.1-150300.24.33.1.x86_64", "relates_to_product_reference": "openSUSE Leap 15.4" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-28736", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2023-28736" } ], "notes": [ { "category": "general", "text": "Buffer overflow in some Intel(R) SSD Tools software before version mdadm-4.2-rc2 may allow a privileged user to potentially enable escalation of privilege via local access.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.1:mdadm-4.1-150300.24.33.1.aarch64", "SUSE Linux Enterprise Micro 5.1:mdadm-4.1-150300.24.33.1.s390x", "SUSE Linux Enterprise Micro 5.1:mdadm-4.1-150300.24.33.1.x86_64", "SUSE Linux Enterprise Micro 5.2:mdadm-4.1-150300.24.33.1.aarch64", "SUSE Linux Enterprise Micro 5.2:mdadm-4.1-150300.24.33.1.s390x", "SUSE Linux Enterprise Micro 
5.2:mdadm-4.1-150300.24.33.1.x86_64", "SUSE Linux Enterprise Micro 5.3:mdadm-4.1-150300.24.33.1.aarch64", "SUSE Linux Enterprise Micro 5.3:mdadm-4.1-150300.24.33.1.s390x", "SUSE Linux Enterprise Micro 5.3:mdadm-4.1-150300.24.33.1.x86_64", "SUSE Linux Enterprise Micro 5.4:mdadm-4.1-150300.24.33.1.aarch64", "SUSE Linux Enterprise Micro 5.4:mdadm-4.1-150300.24.33.1.s390x", "SUSE Linux Enterprise Micro 5.4:mdadm-4.1-150300.24.33.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP4:mdadm-4.1-150300.24.33.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP4:mdadm-4.1-150300.24.33.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP4:mdadm-4.1-150300.24.33.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP4:mdadm-4.1-150300.24.33.1.x86_64", "SUSE Manager Proxy 4.2:mdadm-4.1-150300.24.33.1.x86_64", "SUSE Manager Server 4.2:mdadm-4.1-150300.24.33.1.ppc64le", "SUSE Manager Server 4.2:mdadm-4.1-150300.24.33.1.s390x", "SUSE Manager Server 4.2:mdadm-4.1-150300.24.33.1.x86_64", "openSUSE Leap 15.4:mdadm-4.1-150300.24.33.1.aarch64", "openSUSE Leap 15.4:mdadm-4.1-150300.24.33.1.ppc64le", "openSUSE Leap 15.4:mdadm-4.1-150300.24.33.1.s390x", "openSUSE Leap 15.4:mdadm-4.1-150300.24.33.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2023-28736", "url": "https://www.suse.com/security/cve/CVE-2023-28736" }, { "category": "external", "summary": "SUSE Bug 1214244 for CVE-2023-28736", "url": "https://bugzilla.suse.com/1214244" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.1:mdadm-4.1-150300.24.33.1.aarch64", "SUSE Linux Enterprise Micro 5.1:mdadm-4.1-150300.24.33.1.s390x", "SUSE Linux Enterprise Micro 5.1:mdadm-4.1-150300.24.33.1.x86_64", "SUSE Linux Enterprise Micro 5.2:mdadm-4.1-150300.24.33.1.aarch64", "SUSE Linux Enterprise 
Micro 5.2:mdadm-4.1-150300.24.33.1.s390x", "SUSE Linux Enterprise Micro 5.2:mdadm-4.1-150300.24.33.1.x86_64", "SUSE Linux Enterprise Micro 5.3:mdadm-4.1-150300.24.33.1.aarch64", "SUSE Linux Enterprise Micro 5.3:mdadm-4.1-150300.24.33.1.s390x", "SUSE Linux Enterprise Micro 5.3:mdadm-4.1-150300.24.33.1.x86_64", "SUSE Linux Enterprise Micro 5.4:mdadm-4.1-150300.24.33.1.aarch64", "SUSE Linux Enterprise Micro 5.4:mdadm-4.1-150300.24.33.1.s390x", "SUSE Linux Enterprise Micro 5.4:mdadm-4.1-150300.24.33.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP4:mdadm-4.1-150300.24.33.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP4:mdadm-4.1-150300.24.33.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP4:mdadm-4.1-150300.24.33.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP4:mdadm-4.1-150300.24.33.1.x86_64", "SUSE Manager Proxy 4.2:mdadm-4.1-150300.24.33.1.x86_64", "SUSE Manager Server 4.2:mdadm-4.1-150300.24.33.1.ppc64le", "SUSE Manager Server 4.2:mdadm-4.1-150300.24.33.1.s390x", "SUSE Manager Server 4.2:mdadm-4.1-150300.24.33.1.x86_64", "openSUSE Leap 15.4:mdadm-4.1-150300.24.33.1.aarch64", "openSUSE Leap 15.4:mdadm-4.1-150300.24.33.1.ppc64le", "openSUSE Leap 15.4:mdadm-4.1-150300.24.33.1.s390x", "openSUSE Leap 15.4:mdadm-4.1-150300.24.33.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.7, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 5.1:mdadm-4.1-150300.24.33.1.aarch64", "SUSE Linux Enterprise Micro 5.1:mdadm-4.1-150300.24.33.1.s390x", "SUSE Linux Enterprise Micro 5.1:mdadm-4.1-150300.24.33.1.x86_64", "SUSE Linux Enterprise Micro 5.2:mdadm-4.1-150300.24.33.1.aarch64", "SUSE Linux Enterprise Micro 5.2:mdadm-4.1-150300.24.33.1.s390x", "SUSE Linux Enterprise Micro 5.2:mdadm-4.1-150300.24.33.1.x86_64", "SUSE Linux Enterprise Micro 5.3:mdadm-4.1-150300.24.33.1.aarch64", "SUSE Linux Enterprise Micro 
5.3:mdadm-4.1-150300.24.33.1.s390x", "SUSE Linux Enterprise Micro 5.3:mdadm-4.1-150300.24.33.1.x86_64", "SUSE Linux Enterprise Micro 5.4:mdadm-4.1-150300.24.33.1.aarch64", "SUSE Linux Enterprise Micro 5.4:mdadm-4.1-150300.24.33.1.s390x", "SUSE Linux Enterprise Micro 5.4:mdadm-4.1-150300.24.33.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP4:mdadm-4.1-150300.24.33.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP4:mdadm-4.1-150300.24.33.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP4:mdadm-4.1-150300.24.33.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP4:mdadm-4.1-150300.24.33.1.x86_64", "SUSE Manager Proxy 4.2:mdadm-4.1-150300.24.33.1.x86_64", "SUSE Manager Server 4.2:mdadm-4.1-150300.24.33.1.ppc64le", "SUSE Manager Server 4.2:mdadm-4.1-150300.24.33.1.s390x", "SUSE Manager Server 4.2:mdadm-4.1-150300.24.33.1.x86_64", "openSUSE Leap 15.4:mdadm-4.1-150300.24.33.1.aarch64", "openSUSE Leap 15.4:mdadm-4.1-150300.24.33.1.ppc64le", "openSUSE Leap 15.4:mdadm-4.1-150300.24.33.1.s390x", "openSUSE Leap 15.4:mdadm-4.1-150300.24.33.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2023-10-03T18:08:42Z", "details": "moderate" } ], "title": "CVE-2023-28736" }, { "cve": "CVE-2023-28938", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2023-28938" } ], "notes": [ { "category": "general", "text": "Uncontrolled resource consumption in some Intel(R) SSD Tools software before version mdadm-4.2-rc2 may allow a priviledged user to potentially enable denial of service via local access.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.1:mdadm-4.1-150300.24.33.1.aarch64", "SUSE Linux Enterprise Micro 5.1:mdadm-4.1-150300.24.33.1.s390x", "SUSE Linux Enterprise Micro 5.1:mdadm-4.1-150300.24.33.1.x86_64", "SUSE Linux Enterprise Micro 5.2:mdadm-4.1-150300.24.33.1.aarch64", "SUSE Linux Enterprise Micro 
5.2:mdadm-4.1-150300.24.33.1.s390x", "SUSE Linux Enterprise Micro 5.2:mdadm-4.1-150300.24.33.1.x86_64", "SUSE Linux Enterprise Micro 5.3:mdadm-4.1-150300.24.33.1.aarch64", "SUSE Linux Enterprise Micro 5.3:mdadm-4.1-150300.24.33.1.s390x", "SUSE Linux Enterprise Micro 5.3:mdadm-4.1-150300.24.33.1.x86_64", "SUSE Linux Enterprise Micro 5.4:mdadm-4.1-150300.24.33.1.aarch64", "SUSE Linux Enterprise Micro 5.4:mdadm-4.1-150300.24.33.1.s390x", "SUSE Linux Enterprise Micro 5.4:mdadm-4.1-150300.24.33.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP4:mdadm-4.1-150300.24.33.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP4:mdadm-4.1-150300.24.33.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP4:mdadm-4.1-150300.24.33.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP4:mdadm-4.1-150300.24.33.1.x86_64", "SUSE Manager Proxy 4.2:mdadm-4.1-150300.24.33.1.x86_64", "SUSE Manager Server 4.2:mdadm-4.1-150300.24.33.1.ppc64le", "SUSE Manager Server 4.2:mdadm-4.1-150300.24.33.1.s390x", "SUSE Manager Server 4.2:mdadm-4.1-150300.24.33.1.x86_64", "openSUSE Leap 15.4:mdadm-4.1-150300.24.33.1.aarch64", "openSUSE Leap 15.4:mdadm-4.1-150300.24.33.1.ppc64le", "openSUSE Leap 15.4:mdadm-4.1-150300.24.33.1.s390x", "openSUSE Leap 15.4:mdadm-4.1-150300.24.33.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2023-28938", "url": "https://www.suse.com/security/cve/CVE-2023-28938" }, { "category": "external", "summary": "SUSE Bug 1214245 for CVE-2023-28938", "url": "https://bugzilla.suse.com/1214245" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.1:mdadm-4.1-150300.24.33.1.aarch64", "SUSE Linux Enterprise Micro 5.1:mdadm-4.1-150300.24.33.1.s390x", "SUSE Linux Enterprise Micro 5.1:mdadm-4.1-150300.24.33.1.x86_64", "SUSE Linux Enterprise Micro 
5.2:mdadm-4.1-150300.24.33.1.aarch64", "SUSE Linux Enterprise Micro 5.2:mdadm-4.1-150300.24.33.1.s390x", "SUSE Linux Enterprise Micro 5.2:mdadm-4.1-150300.24.33.1.x86_64", "SUSE Linux Enterprise Micro 5.3:mdadm-4.1-150300.24.33.1.aarch64", "SUSE Linux Enterprise Micro 5.3:mdadm-4.1-150300.24.33.1.s390x", "SUSE Linux Enterprise Micro 5.3:mdadm-4.1-150300.24.33.1.x86_64", "SUSE Linux Enterprise Micro 5.4:mdadm-4.1-150300.24.33.1.aarch64", "SUSE Linux Enterprise Micro 5.4:mdadm-4.1-150300.24.33.1.s390x", "SUSE Linux Enterprise Micro 5.4:mdadm-4.1-150300.24.33.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP4:mdadm-4.1-150300.24.33.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP4:mdadm-4.1-150300.24.33.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP4:mdadm-4.1-150300.24.33.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP4:mdadm-4.1-150300.24.33.1.x86_64", "SUSE Manager Proxy 4.2:mdadm-4.1-150300.24.33.1.x86_64", "SUSE Manager Server 4.2:mdadm-4.1-150300.24.33.1.ppc64le", "SUSE Manager Server 4.2:mdadm-4.1-150300.24.33.1.s390x", "SUSE Manager Server 4.2:mdadm-4.1-150300.24.33.1.x86_64", "openSUSE Leap 15.4:mdadm-4.1-150300.24.33.1.aarch64", "openSUSE Leap 15.4:mdadm-4.1-150300.24.33.1.ppc64le", "openSUSE Leap 15.4:mdadm-4.1-150300.24.33.1.s390x", "openSUSE Leap 15.4:mdadm-4.1-150300.24.33.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 3.4, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:L", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 5.1:mdadm-4.1-150300.24.33.1.aarch64", "SUSE Linux Enterprise Micro 5.1:mdadm-4.1-150300.24.33.1.s390x", "SUSE Linux Enterprise Micro 5.1:mdadm-4.1-150300.24.33.1.x86_64", "SUSE Linux Enterprise Micro 5.2:mdadm-4.1-150300.24.33.1.aarch64", "SUSE Linux Enterprise Micro 5.2:mdadm-4.1-150300.24.33.1.s390x", "SUSE Linux Enterprise Micro 5.2:mdadm-4.1-150300.24.33.1.x86_64", "SUSE Linux Enterprise Micro 
5.3:mdadm-4.1-150300.24.33.1.aarch64", "SUSE Linux Enterprise Micro 5.3:mdadm-4.1-150300.24.33.1.s390x", "SUSE Linux Enterprise Micro 5.3:mdadm-4.1-150300.24.33.1.x86_64", "SUSE Linux Enterprise Micro 5.4:mdadm-4.1-150300.24.33.1.aarch64", "SUSE Linux Enterprise Micro 5.4:mdadm-4.1-150300.24.33.1.s390x", "SUSE Linux Enterprise Micro 5.4:mdadm-4.1-150300.24.33.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP4:mdadm-4.1-150300.24.33.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP4:mdadm-4.1-150300.24.33.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP4:mdadm-4.1-150300.24.33.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP4:mdadm-4.1-150300.24.33.1.x86_64", "SUSE Manager Proxy 4.2:mdadm-4.1-150300.24.33.1.x86_64", "SUSE Manager Server 4.2:mdadm-4.1-150300.24.33.1.ppc64le", "SUSE Manager Server 4.2:mdadm-4.1-150300.24.33.1.s390x", "SUSE Manager Server 4.2:mdadm-4.1-150300.24.33.1.x86_64", "openSUSE Leap 15.4:mdadm-4.1-150300.24.33.1.aarch64", "openSUSE Leap 15.4:mdadm-4.1-150300.24.33.1.ppc64le", "openSUSE Leap 15.4:mdadm-4.1-150300.24.33.1.s390x", "openSUSE Leap 15.4:mdadm-4.1-150300.24.33.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2023-10-03T18:08:42Z", "details": "low" } ], "title": "CVE-2023-28938" } ] }
suse-su-2023:3691-1
Vulnerability from csaf_suse
Notes
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Security update for mdadm", "title": "Title of the patch" }, { "category": "description", "text": "This update for mdadm fixes the following issues:\n\n- CVE-2023-28736: Fixed a buffer overflow (bsc#1214244).\n- CVE-2023-28938: Fixed uncontrolled resource consumption (bsc#1214245).\n", "title": "Description of the patch" }, { "category": "details", "text": "SUSE-2023-3691,SUSE-SLE-SERVER-12-SP5-2023-3691", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_3691-1.json" }, { "category": "self", "summary": "URL for SUSE-SU-2023:3691-1", "url": "https://www.suse.com/support/update/announcement/2023/suse-su-20233691-1/" }, { "category": "self", "summary": "E-Mail link for SUSE-SU-2023:3691-1", "url": "https://lists.suse.com/pipermail/sle-security-updates/2023-September/016230.html" }, { "category": "self", "summary": "SUSE Bug 1214244", "url": "https://bugzilla.suse.com/1214244" }, { "category": "self", "summary": "SUSE Bug 1214245", "url": "https://bugzilla.suse.com/1214245" }, { "category": "self", 
"summary": "SUSE Bug 1214974", "url": "https://bugzilla.suse.com/1214974" }, { "category": "self", "summary": "SUSE CVE CVE-2023-28736 page", "url": "https://www.suse.com/security/cve/CVE-2023-28736/" }, { "category": "self", "summary": "SUSE CVE CVE-2023-28938 page", "url": "https://www.suse.com/security/cve/CVE-2023-28938/" } ], "title": "Security update for mdadm", "tracking": { "current_release_date": "2023-09-19T20:05:45Z", "generator": { "date": "2023-09-19T20:05:45Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "SUSE-SU-2023:3691-1", "initial_release_date": "2023-09-19T20:05:45Z", "revision_history": [ { "date": "2023-09-19T20:05:45Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "mdadm-4.1-4.29.1.aarch64", "product": { "name": "mdadm-4.1-4.29.1.aarch64", "product_id": "mdadm-4.1-4.29.1.aarch64" } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "mdadm-4.1-4.29.1.i586", "product": { "name": "mdadm-4.1-4.29.1.i586", "product_id": "mdadm-4.1-4.29.1.i586" } } ], "category": "architecture", "name": "i586" }, { "branches": [ { "category": "product_version", "name": "mdadm-4.1-4.29.1.ppc64le", "product": { "name": "mdadm-4.1-4.29.1.ppc64le", "product_id": "mdadm-4.1-4.29.1.ppc64le" } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "mdadm-4.1-4.29.1.s390", "product": { "name": "mdadm-4.1-4.29.1.s390", "product_id": "mdadm-4.1-4.29.1.s390" } } ], "category": "architecture", "name": "s390" }, { "branches": [ { "category": "product_version", "name": "mdadm-4.1-4.29.1.s390x", "product": { "name": "mdadm-4.1-4.29.1.s390x", "product_id": "mdadm-4.1-4.29.1.s390x" } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": 
"product_version", "name": "mdadm-4.1-4.29.1.x86_64", "product": { "name": "mdadm-4.1-4.29.1.x86_64", "product_id": "mdadm-4.1-4.29.1.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux Enterprise Server 12 SP5", "product": { "name": "SUSE Linux Enterprise Server 12 SP5", "product_id": "SUSE Linux Enterprise Server 12 SP5", "product_identification_helper": { "cpe": "cpe:/o:suse:sles:12:sp5" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5", "product": { "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5", "product_identification_helper": { "cpe": "cpe:/o:suse:sles_sap:12:sp5" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "mdadm-4.1-4.29.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5", "product_id": "SUSE Linux Enterprise Server 12 SP5:mdadm-4.1-4.29.1.aarch64" }, "product_reference": "mdadm-4.1-4.29.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5" }, { "category": "default_component_of", "full_product_name": { "name": "mdadm-4.1-4.29.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5", "product_id": "SUSE Linux Enterprise Server 12 SP5:mdadm-4.1-4.29.1.ppc64le" }, "product_reference": "mdadm-4.1-4.29.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5" }, { "category": "default_component_of", "full_product_name": { "name": "mdadm-4.1-4.29.1.s390x as component of SUSE Linux Enterprise Server 12 SP5", "product_id": "SUSE Linux Enterprise Server 12 SP5:mdadm-4.1-4.29.1.s390x" }, "product_reference": "mdadm-4.1-4.29.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5" }, { 
"category": "default_component_of", "full_product_name": { "name": "mdadm-4.1-4.29.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5", "product_id": "SUSE Linux Enterprise Server 12 SP5:mdadm-4.1-4.29.1.x86_64" }, "product_reference": "mdadm-4.1-4.29.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5" }, { "category": "default_component_of", "full_product_name": { "name": "mdadm-4.1-4.29.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:mdadm-4.1-4.29.1.aarch64" }, "product_reference": "mdadm-4.1-4.29.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5" }, { "category": "default_component_of", "full_product_name": { "name": "mdadm-4.1-4.29.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:mdadm-4.1-4.29.1.ppc64le" }, "product_reference": "mdadm-4.1-4.29.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5" }, { "category": "default_component_of", "full_product_name": { "name": "mdadm-4.1-4.29.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:mdadm-4.1-4.29.1.s390x" }, "product_reference": "mdadm-4.1-4.29.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5" }, { "category": "default_component_of", "full_product_name": { "name": "mdadm-4.1-4.29.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:mdadm-4.1-4.29.1.x86_64" }, "product_reference": "mdadm-4.1-4.29.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5" } ] }, 
"vulnerabilities": [ { "cve": "CVE-2023-28736", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2023-28736" } ], "notes": [ { "category": "general", "text": "Buffer overflow in some Intel(R) SSD Tools software before version mdadm-4.2-rc2 may allow a privileged user to potentially enable escalation of privilege via local access.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 12 SP5:mdadm-4.1-4.29.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:mdadm-4.1-4.29.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:mdadm-4.1-4.29.1.s390x", "SUSE Linux Enterprise Server 12 SP5:mdadm-4.1-4.29.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:mdadm-4.1-4.29.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:mdadm-4.1-4.29.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:mdadm-4.1-4.29.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:mdadm-4.1-4.29.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2023-28736", "url": "https://www.suse.com/security/cve/CVE-2023-28736" }, { "category": "external", "summary": "SUSE Bug 1214244 for CVE-2023-28736", "url": "https://bugzilla.suse.com/1214244" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 12 SP5:mdadm-4.1-4.29.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:mdadm-4.1-4.29.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:mdadm-4.1-4.29.1.s390x", "SUSE Linux Enterprise Server 12 SP5:mdadm-4.1-4.29.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:mdadm-4.1-4.29.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:mdadm-4.1-4.29.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 
SP5:mdadm-4.1-4.29.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:mdadm-4.1-4.29.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.7, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Server 12 SP5:mdadm-4.1-4.29.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:mdadm-4.1-4.29.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:mdadm-4.1-4.29.1.s390x", "SUSE Linux Enterprise Server 12 SP5:mdadm-4.1-4.29.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:mdadm-4.1-4.29.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:mdadm-4.1-4.29.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:mdadm-4.1-4.29.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:mdadm-4.1-4.29.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2023-09-19T20:05:45Z", "details": "moderate" } ], "title": "CVE-2023-28736" }, { "cve": "CVE-2023-28938", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2023-28938" } ], "notes": [ { "category": "general", "text": "Uncontrolled resource consumption in some Intel(R) SSD Tools software before version mdadm-4.2-rc2 may allow a priviledged user to potentially enable denial of service via local access.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 12 SP5:mdadm-4.1-4.29.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:mdadm-4.1-4.29.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:mdadm-4.1-4.29.1.s390x", "SUSE Linux Enterprise Server 12 SP5:mdadm-4.1-4.29.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:mdadm-4.1-4.29.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:mdadm-4.1-4.29.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:mdadm-4.1-4.29.1.s390x", "SUSE Linux Enterprise Server for SAP 
Applications 12 SP5:mdadm-4.1-4.29.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2023-28938", "url": "https://www.suse.com/security/cve/CVE-2023-28938" }, { "category": "external", "summary": "SUSE Bug 1214245 for CVE-2023-28938", "url": "https://bugzilla.suse.com/1214245" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 12 SP5:mdadm-4.1-4.29.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:mdadm-4.1-4.29.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:mdadm-4.1-4.29.1.s390x", "SUSE Linux Enterprise Server 12 SP5:mdadm-4.1-4.29.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:mdadm-4.1-4.29.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:mdadm-4.1-4.29.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:mdadm-4.1-4.29.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:mdadm-4.1-4.29.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 3.4, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:L", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Server 12 SP5:mdadm-4.1-4.29.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:mdadm-4.1-4.29.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:mdadm-4.1-4.29.1.s390x", "SUSE Linux Enterprise Server 12 SP5:mdadm-4.1-4.29.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:mdadm-4.1-4.29.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:mdadm-4.1-4.29.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:mdadm-4.1-4.29.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:mdadm-4.1-4.29.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2023-09-19T20:05:45Z", "details": "low" } ], "title": "CVE-2023-28938" } ] }
WID-SEC-W-2023-2019
Vulnerability from csaf_certbund
Notes
{ "document": { "aggregate_severity": { "text": "mittel" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Eine Solid State Drive (SSD) ist ein Speichermedium \u00e4hnlich einer Festplatte.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein lokaler Angreifer kann mehrere Schwachstellen in Intel SSD Tools ausnutzen, um seine Privilegien zu erh\u00f6hen und um einen Denial of Service Zustand herbeizuf\u00fchren.", "title": "Angriff" }, { "category": "general", "text": "- Linux", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2023-2019 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2019.json" }, { "category": "self", "summary": "WID-SEC-2023-2019 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2019" }, { "category": "external", "summary": "Amazon Linux Security Advisory ALAS2-2023-2275 vom 2023-10-06", "url": "https://alas.aws.amazon.com/AL2/ALAS-2023-2275.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2023:3953-1 vom 2023-10-03", "url": "https://lists.suse.com/pipermail/sle-security-updates/2023-October/016488.html" }, { "category": "external", "summary": 
"SUSE Security Update SUSE-SU-2023:3691-1 vom 2023-09-20", "url": "https://lists.suse.com/pipermail/sle-security-updates/2023-September/016230.html" }, { "category": "external", "summary": "Intel Security Advisory INTEL-SA-00690 vom 2023-08-08", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00690.html" } ], "source_lang": "en-US", "title": "Intel SSD Tools: Mehrere Schwachstellen", "tracking": { "current_release_date": "2023-10-05T22:00:00.000+00:00", "generator": { "date": "2024-08-15T17:56:51.565+00:00", "engine": { "name": "BSI-WID", "version": "1.3.5" } }, "id": "WID-SEC-W-2023-2019", "initial_release_date": "2023-08-08T22:00:00.000+00:00", "revision_history": [ { "date": "2023-08-08T22:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2023-09-19T22:00:00.000+00:00", "number": "2", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2023-10-03T22:00:00.000+00:00", "number": "3", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2023-10-05T22:00:00.000+00:00", "number": "4", "summary": "Neue Updates von Amazon aufgenommen" } ], "status": "final", "version": "4" } }, "product_tree": { "branches": [ { "branches": [ { "category": "product_name", "name": "Amazon Linux 2", "product": { "name": "Amazon Linux 2", "product_id": "398363", "product_identification_helper": { "cpe": "cpe:/o:amazon:linux_2:-" } } } ], "category": "vendor", "name": "Amazon" }, { "branches": [ { "category": "product_name", "name": "Intel SSD Firmware Tools \u003c mdadm-4.2-rc2", "product": { "name": "Intel SSD Firmware Tools \u003c mdadm-4.2-rc2", "product_id": "T029173", "product_identification_helper": { "cpe": "cpe:/h:intel:ssd:tools__mdadm-4.2-rc2" } } } ], "category": "vendor", "name": "Intel" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux", "product": { "name": "SUSE Linux", "product_id": "T002207", "product_identification_helper": { "cpe": "cpe:/o:suse:suse_linux:-" } } } ], 
"category": "vendor", "name": "SUSE" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-28938", "notes": [ { "category": "description", "text": "In Intel SSD Tools existieren mehrere Schwachstellen aufgrund von Fehlern in der Speicherverwaltung. Ein lokaler Angreifer kann dies ausnutzen, um seine Privilegien zu erh\u00f6hen und um einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "398363" ] }, "release_date": "2023-08-08T22:00:00.000+00:00", "title": "CVE-2023-28938" }, { "cve": "CVE-2023-28736", "notes": [ { "category": "description", "text": "In Intel SSD Tools existieren mehrere Schwachstellen aufgrund von Fehlern in der Speicherverwaltung. Ein lokaler Angreifer kann dies ausnutzen, um seine Privilegien zu erh\u00f6hen und um einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "398363" ] }, "release_date": "2023-08-08T22:00:00.000+00:00", "title": "CVE-2023-28736" } ] }
wid-sec-w-2023-2019
Vulnerability from csaf_certbund
Notes
{ "document": { "aggregate_severity": { "text": "mittel" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Eine Solid State Drive (SSD) ist ein Speichermedium \u00e4hnlich einer Festplatte.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein lokaler Angreifer kann mehrere Schwachstellen in Intel SSD Tools ausnutzen, um seine Privilegien zu erh\u00f6hen und um einen Denial of Service Zustand herbeizuf\u00fchren.", "title": "Angriff" }, { "category": "general", "text": "- Linux", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2023-2019 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2019.json" }, { "category": "self", "summary": "WID-SEC-2023-2019 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2019" }, { "category": "external", "summary": "Amazon Linux Security Advisory ALAS2-2023-2275 vom 2023-10-06", "url": "https://alas.aws.amazon.com/AL2/ALAS-2023-2275.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2023:3953-1 vom 2023-10-03", "url": "https://lists.suse.com/pipermail/sle-security-updates/2023-October/016488.html" }, { "category": "external", "summary": 
"SUSE Security Update SUSE-SU-2023:3691-1 vom 2023-09-20", "url": "https://lists.suse.com/pipermail/sle-security-updates/2023-September/016230.html" }, { "category": "external", "summary": "Intel Security Advisory INTEL-SA-00690 vom 2023-08-08", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00690.html" } ], "source_lang": "en-US", "title": "Intel SSD Tools: Mehrere Schwachstellen", "tracking": { "current_release_date": "2023-10-05T22:00:00.000+00:00", "generator": { "date": "2024-08-15T17:56:51.565+00:00", "engine": { "name": "BSI-WID", "version": "1.3.5" } }, "id": "WID-SEC-W-2023-2019", "initial_release_date": "2023-08-08T22:00:00.000+00:00", "revision_history": [ { "date": "2023-08-08T22:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2023-09-19T22:00:00.000+00:00", "number": "2", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2023-10-03T22:00:00.000+00:00", "number": "3", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2023-10-05T22:00:00.000+00:00", "number": "4", "summary": "Neue Updates von Amazon aufgenommen" } ], "status": "final", "version": "4" } }, "product_tree": { "branches": [ { "branches": [ { "category": "product_name", "name": "Amazon Linux 2", "product": { "name": "Amazon Linux 2", "product_id": "398363", "product_identification_helper": { "cpe": "cpe:/o:amazon:linux_2:-" } } } ], "category": "vendor", "name": "Amazon" }, { "branches": [ { "category": "product_name", "name": "Intel SSD Firmware Tools \u003c mdadm-4.2-rc2", "product": { "name": "Intel SSD Firmware Tools \u003c mdadm-4.2-rc2", "product_id": "T029173", "product_identification_helper": { "cpe": "cpe:/h:intel:ssd:tools__mdadm-4.2-rc2" } } } ], "category": "vendor", "name": "Intel" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux", "product": { "name": "SUSE Linux", "product_id": "T002207", "product_identification_helper": { "cpe": "cpe:/o:suse:suse_linux:-" } } } ], 
"category": "vendor", "name": "SUSE" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-28938", "notes": [ { "category": "description", "text": "In Intel SSD Tools existieren mehrere Schwachstellen aufgrund von Fehlern in der Speicherverwaltung. Ein lokaler Angreifer kann dies ausnutzen, um seine Privilegien zu erh\u00f6hen und um einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "398363" ] }, "release_date": "2023-08-08T22:00:00.000+00:00", "title": "CVE-2023-28938" }, { "cve": "CVE-2023-28736", "notes": [ { "category": "description", "text": "In Intel SSD Tools existieren mehrere Schwachstellen aufgrund von Fehlern in der Speicherverwaltung. Ein lokaler Angreifer kann dies ausnutzen, um seine Privilegien zu erh\u00f6hen und um einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T002207", "398363" ] }, "release_date": "2023-08-08T22:00:00.000+00:00", "title": "CVE-2023-28736" } ] }
gsd-2023-28736
Vulnerability from gsd
{ "GSD": { "alias": "CVE-2023-28736", "id": "GSD-2023-28736" }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2023-28736" ], "details": "Buffer overflow in some Intel(R) SSD Tools software before version mdadm-4.2-rc2 may allow a privileged user to potentially enable escalation of privilege via local access.", "id": "GSD-2023-28736", "modified": "2023-12-13T01:20:46.860755Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "secure@intel.com", "ID": "CVE-2023-28736", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Intel(R) SSD Tools software", "version": { "version_data": [ { "version_affected": "=", "version_value": "before version mdadm-4.2-rc2" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Buffer overflow in some Intel(R) SSD Tools software before version mdadm-4.2-rc2 may allow a privileged user to potentially enable escalation of privilege via local access." 
} ] }, "impact": { "cvss": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L", "version": "3.1" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "escalation of privilege" }, { "cweId": "CWE-120", "lang": "eng", "value": "Buffer overflow" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00690.html", "refsource": "MISC", "url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00690.html" } ] } }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:mdadm_project:mdadm:4.2:rc1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:mdadm_project:mdadm:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.2", "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "secure@intel.com", "ID": "CVE-2023-28736" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "Buffer overflow in some Intel(R) SSD Tools software before version mdadm-4.2-rc2 may allow a privileged user to potentially enable escalation of privilege via local access." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-120" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00690.html", "refsource": "MISC", "tags": [ "Vendor Advisory" ], "url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00690.html" } ] } }, "impact": { "baseMetricV3": { "cvssV3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 0.8, "impactScore": 5.9 } }, "lastModifiedDate": "2023-09-25T18:30Z", "publishedDate": "2023-08-11T03:15Z" } } }
CERTFR-2023-AVI-0640
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Intel. Elles permettent à un attaquant de provoquer un déni de service, une atteinte à la confidentialité des données et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
- Intel SSD Tools software versions antérieures à mdadm-4.2-rc2
- Intel BIOS PCSD BIOS versions antérieures à 02.01.0013
- Intel logiciel PROSet/Wireless WiFi versions antérieures à 22.200
- Intel Converged Security Management Engine (CSME) sans les correctifs de sécurité du 08 août 2023
- Intel Active Management Technology (AMT) sans les correctifs de sécurité du 08 août 2023
- Intel Standard Manageability software sans les correctifs de sécurité du 08 août 2023
- Pilote RDMA des Contrôleurs Ethernet Intel pour Linux versions antérieures à 1.9.30
- Programme d'installation de pilotes Intel RST avec Intel Optane Memory (plateformes de 11ème à 13ème générations) versions antérieures à 19.5.2.1049.5
- Programme d'installation de pilotes Intel RST avec Intel Optane Memory (plateformes de 10ème et 11ème générations) versions antérieures à 18.7.6.1010.3
- Programme d'installation de pilotes Intel RST avec Intel Optane Memory (plateformes de 8ème et 9ème générations) versions antérieures à 17.11.3.1010.2
- Interface utilisateur Intel RST et pilotes versions antérieures à 16.8.5.1014.5
- Suite de logiciels Intel Quartus Prime Pro pour Linux versions antérieures à 22.4
- Suite de logiciels Intel Quartus Prime Standard pour Linux versions antérieures à 22.1STD
- Cartes graphiques Intel Arc A770 et A750 vendues entre octobre 2022 et décembre 2022
- Séries de processeurs Intel Atom, Xeon, Core de 7ème à 11ème générations, Celeron, Pentium et Core séries X sans les correctifs de sécurité du 08 août 2023
- Logiciel d'exécution Intel oneVPL GPU versions antérieures à 22.6.5
- Client Intel Unite pour Mac versions antérieures à 4.2.11
- Ensemble de logiciels Intel Unite pour Windows versions antérieures à 4.2.34962
- Séries de processeurs Intel Atom, Xeon, Core, Celeron et Pentium sans les correctifs de sécurité du 08 août 2023
- Pilotes infrarouge ITE Tech consumer pour terminaux NUC versions antérieures à 5.5.2.1
- System Firmware Update Utility (SysFwUpdt) for Intel Server Boards and Intel Server Systems Based on Intel 621A Chipset before version 16.0.7.
- Utilitaire de mise à jour de microgiciel (SysFwUpdt) pour Intel Server Boards et Intel Server Systems basé sur les jeux de puces 621A
- Séries de contrôleurs Ethernet et adaptateurs E810 (Columbiaville) versions antérieures à 1.7.2.4
- Logiciel Intel Optimization for TensorFlow versions antérieures à 2.12
- Distribution Intel des outils OpenVINO versions antérieures à 2022.3.0
- Outils Intel VCUST téléchargés avant le 03 février 2023 sans le correctif de sécurité du 08 août 2023
- Logiciel Intel VROC versions antérieures à 8.0.0.4035
- Logiciel d'installation d'Intel Advanced Link Analyzer Standard Edition versions antérieures à 22.1.1
- Logiciel d'installation Intel ISPC software pour Windows versions antérieures à 1.19.0
- Logiciel Intel Agilex software inclus dans Intel Quartus Prime Pro Edition pour Linux versions antérieures à 22.4
- Logiciel Intel Easy Streaming Wizard toutes versions [1]
- Application Android Intel Support versions antérieures à v23.02.07
- Suite logicielle Intel NUC Pro pour Windows versions antérieures à 2.0.0.9
- Logiciel Intel PROSet/Wireless WiFi 6 AX200 sur certaines plateformes Microsoft Surface versions antérieures à 22.220 HF
- Logiciel Intel oneMKL versions antérieures à 2022.0
- Logiciel Intel DTT versions antérieures à 8.7.10801.25109
- Logiciel Intel AI Hackathon versions antérieures à 2.0.0
- Logiciel Intel DSA versions antérieures à 23.1.9
- Bibliothèque Hyperscan maintenue par Intel versions antérieures à 5.4.1
- Outils Intel oneAPI versions antérieures à 2023.1.0
- BIOS de cartes mères de terminaux NUC sans les correctifs de sécurité du 08 août 2023
- Logiciel Intel Manageability Commander versions antérieures à 2.3
- Logiciel Intel Unison versions antérieures à 10.12
- Pilotes vidéo BMC intégrés aux cartes mères Intel M10JNP2SB pour Microsoft versions antérieures à 3.0
- Pilotes vidéo BMC intégrés aux cartes mères Intel M10JNP2SB pour Linux versions antérieures à 1.13.4
- Logiciel Intel SDP Tool versions antérieures à 1.4 build 5
- Outils de développement Intel PSR versions antérieures à 1.0.0.20
- Logiciel Intel RealSense ID pour Intel RealSense 450 FA versions antérieures à 0.25
- Application Android Intel Unite versions antérieures à 4.2.3504
- Logiciel MAVinci Desktop pour Intel Falcon 8+ toutes versions [2]
- Logiciel Intel ITS versions antérieures à 3.1
- Outils de développement Intel RealSense versions antérieures à 2.53.1
[1] : L'éditeur indique que le logiciel Intel Easy Streaming Wizard n'est plus maintenu et recommande de le désinstaller ou de cesser de l'utiliser dès que possible
[2] : L'éditeur indique que le logiciel MAVinci Desktop pour Intel Falcon 8+ n'est plus maintenu et recommande de le désinstaller ou de cesser de l'utiliser dès que possible
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [], "affected_systems_content": "\u003cul\u003e \u003cli\u003eIntel SSD Tools software versions ant\u00e9rieures \u00e0 mdadm-4.2-rc2\u003c/li\u003e \u003cli\u003eIntel BIOS PCSD BIOS versions ant\u00e9rieures \u00e0 02.01.0013\u003c/li\u003e \u003cli\u003eIntel logiciel PROSet/Wireless WiFi versions ant\u00e9rieures \u00e0 22.200\u003c/li\u003e \u003cli\u003eIntel Converged Security Management Engine (CSME) sans les correctifs de s\u00e9curit\u00e9 du 08 ao\u00fbt 2023\u003c/li\u003e \u003cli\u003eIntel Active Management Technology (AMT) sans les correctifs de s\u00e9curit\u00e9 du 08 ao\u00fbt 2023\u003c/li\u003e \u003cli\u003eIntel Standard Manageability software sans les correctifs de s\u00e9curit\u00e9 du 08 ao\u00fbt 2023\u003c/li\u003e \u003cli\u003ePilote RDMA des Contr\u00f4leurs Ethernet Intel pour linux versions ant\u00e9rieures \u00e0 1.9.30\u003c/li\u003e \u003cli\u003eProgramme d\u0027installation de pilotes Intel RST avec Intel Optane Memory (plateformes de 11\u00e8me \u00e0 13\u00e8me g\u00e9n\u00e9rations) versions ant\u00e9rieures \u00e0 19.5.2.1049.5\u003c/li\u003e \u003cli\u003eProgramme d\u0027installation de pilotes Intel RST avec Intel Optane Memory (plateformes de 10\u00e8me et 11\u00e8me g\u00e9n\u00e9rations) versions ant\u00e9rieures \u00e0 18.7.6.1010.3\u003c/li\u003e \u003cli\u003eProgramme d\u0027installation de pilotes Intel RST avec Intel Optane Memory (plateformes de 8\u00e8me et 9\u00e8me g\u00e9n\u00e9rations) versions ant\u00e9rieures \u00e0 17.11.3.1010.2\u003c/li\u003e \u003cli\u003eInterface utilisateur Intel RST et pilotes versions ant\u00e9rieures \u00e0 16.8.5.1014.5\u003c/li\u003e \u003cli\u003eSuite de logiciels Intel Quartus Prime Pro pour Linux before versions ant\u00e9rieures \u00e0 22.4\u003c/li\u003e \u003cli\u003eSuite de logiciels Intel Quartus Prime Standard pour Linux versions ant\u00e9rieures \u00e0 22.1STD\u003c/li\u003e 
\u003cli\u003eCartes graphiques Intel Arc A770 et A750 vendues entre octobre 2022 et d\u00e9cembre 2022\u003c/li\u003e \u003cli\u003eS\u00e9ries de processeurs Intel Atom, Xeon, Core de 7\u00e8me \u00e0 11\u00e8me g\u00e9n\u00e9rations, Celeron, Pentium et Core s\u00e9ries X sans les correctifs de s\u00e9curit\u00e9 du 08 ao\u00fbt 2023\u003c/li\u003e \u003cli\u003eLogiciel d\u0027ex\u00e9cution Intel oneVPL GPU versions ant\u00e9rieures \u00e0 22.6.5\u003c/li\u003e \u003cli\u003eClient Intel Unite pour Mac versions ant\u00e9rieures \u00e0 4.2.11\u003c/li\u003e \u003cli\u003eEnsemble de logiciels Intel Unite pour Windows versions ant\u00e9rieures \u00e0 4.2.34962\u003c/li\u003e \u003cli\u003eS\u00e9ries de processeurs Intel Atom, Xeon, Core, Celeron et Pentium sans les correctifs de s\u00e9curit\u00e9 du 08 ao\u00fbt 2023\u003c/li\u003e \u003cli\u003ePilotes infrarouge ITE Tech consumer pour terminaux NUC versions ant\u00e9rieures \u00e0 5.5.2.1\u003c/li\u003e \u003cli\u003eSystem Firmware Update Utility (SysFwUpdt) for Intel Server Boards and Intel Server Systems Based on Intel 621A Chipset before version 16.0.7.\u003c/li\u003e \u003cli\u003eUtilitaire de mise \u00e0 jour de microgiciel (SysFwUpdt) pour Intel Server Boards et Intel Server Systems bas\u00e9 sur les jeux de puces 621A\u003c/li\u003e \u003cli\u003eS\u00e9ries de contr\u00f4leurs Ethernet et adaptateurs E810 (Columbiaville) versions ant\u00e9rieures \u00e0 1.7.2.4\u003c/li\u003e \u003cli\u003eLogiciel Intel Optimization for TensorFlow versions ant\u00e9rieures \u00e0 2.12\u003c/li\u003e \u003cli\u003eDistribution Intel des outils OpenVINO versions ant\u00e9rieures \u00e0 2022.3.0\u003c/li\u003e \u003cli\u003eOutils Intel VCUST t\u00e9l\u00e9charg\u00e9s avant le 03 f\u00e9vrier 2023 sans le correctif de s\u00e9curit\u00e9 du 08 ao\u00fbt 2023\u003c/li\u003e \u003cli\u003elogiciel Intel VROC versions ant\u00e9rieures \u00e0 8.0.0.4035\u003c/li\u003e \u003cli\u003eLogiciel d\u0027installation 
d\u0027Intel Advanced Link Analyzer Standard Edition versions ant\u00e9rieures \u00e0 22.1.1\u003c/li\u003e \u003cli\u003eLogiciel d\u0027installation Intel ISPC software pour Windows versions ant\u00e9rieures \u00e0 1.19.0\u003c/li\u003e \u003cli\u003eLogiciel Intel Agilex software inclus dans Intel Quartus Prime Pro Edition pour Linux versions ant\u00e9rieures \u00e0 22.4\u003c/li\u003e \u003cli\u003eLogiciel Intel Easy Streaming Wizard toutes versions [1]\u003c/li\u003e \u003cli\u003eApplication Android Intel Support versions ant\u00e9rieures \u00e0 v23.02.07\u003c/li\u003e \u003cli\u003eSuite logicielle Intel NUC Pro pour Windows versions ant\u00e9rieures \u00e0 2.0.0.9\u003c/li\u003e \u003cli\u003eLogiciel Intel PROSet/Wireless WiFi 6 AX200 sur certaines plateformes Microsoft Surface versions ant\u00e9rieures \u00e0 22.220 HF\u003c/li\u003e \u003cli\u003eLogiciel Intel oneMKL versions ant\u00e9rieures \u00e0 2022.0\u003c/li\u003e \u003cli\u003eLogiciel Intel DTT versions ant\u00e9rieures \u00e0 8.7.10801.25109\u003c/li\u003e \u003cli\u003eLogiciel Intel AI Hackathon versions ant\u00e9rieures \u00e0 2.0.0\u003c/li\u003e \u003cli\u003eLogiciel Intel DSA versions ant\u00e9rieures \u00e0 23.1.9\u003c/li\u003e \u003cli\u003eBiblioth\u00e8que Hyperscan maintenue par Intel versions ant\u00e9rieures \u00e0 5.4.1\u003c/li\u003e \u003cli\u003eOutils Intel oneAPI versions ant\u00e9rieures \u00e0 2023.1.0\u003c/li\u003e \u003cli\u003eBIOS de cartes m\u00e8res de terminaux NUC sans les correctifs de s\u00e9curit\u00e9 du 08 ao\u00fbt 2023\u003c/li\u003e \u003cli\u003eLogiciel Intel Manageability Commander versions ant\u00e9rieures \u00e0 2.3\u003c/li\u003e \u003cli\u003eLogiciel Intel Unison versions ant\u00e9rieures \u00e0 10.12\u003c/li\u003e \u003cli\u003ePilotes vid\u00e9o BMC int\u00e9gr\u00e9s aux cartes m\u00e8res Intel M10JNP2SB pour Microsoft versions ant\u00e9rieures \u00e0 3.0\u003c/li\u003e \u003cli\u003ePilotes vid\u00e9o BMC int\u00e9gr\u00e9s aux cartes 
m\u00e8res Intel M10JNP2SB pour Linux versions ant\u00e9rieures \u00e0 1.13.4\u003c/li\u003e \u003cli\u003eLogiciel Intel SDP Tool versions ant\u00e9rieures \u00e0 1.4 build 5\u003c/li\u003e \u003cli\u003eOutils de d\u00e9veloppement Intel PSR versions ant\u00e9rieures \u00e0 1.0.0.20\u003c/li\u003e \u003cli\u003eLogiciel Intel RealSense ID pour Intel RealSense 450 FA versions ant\u00e9rieures \u00e0 0.25\u003c/li\u003e \u003cli\u003eApplication Android Intel Unite versions ant\u00e9rieures \u00e0 4.2.3504\u003c/li\u003e \u003cli\u003eLogiciel MAVinci Desktop pour Intel Falcon 8+ toutes versions [2]\u003c/li\u003e \u003cli\u003eLogiciel Intel ITS versions ant\u00e9rieures \u00e0 3.1\u003c/li\u003e \u003cli\u003eOutils de d\u00e9veloppement Intel RealSense versions ant\u00e9rieures \u00e0 2.53.1\u003c/li\u003e \u003c/ul\u003e \u003cp\u003e[1] :\u00a0L\u0027\u00e9diteur indique que le logiciel Intel Easy Streaming Wizard n\u0027est plus maintenu et recommande de le d\u00e9sinstaller ou de cesser de l\u0027utiliser d\u00e8s que possible\u003c/p\u003e \u003cp\u003e[2] :\u00a0L\u0027\u00e9diteur indique que le logiciel MAVinci Desktop pour Intel Falcon 8+ n\u0027est plus maintenu et recommande de le d\u00e9sinstaller ou de cesser de l\u0027utiliser d\u00e8s que possible\u003c/p\u003e ", "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. 
section Documentation).\n", "cves": [ { "name": "CVE-2023-32617", "url": "https://www.cve.org/CVERecord?id=CVE-2023-32617" }, { "name": "CVE-2023-27509", "url": "https://www.cve.org/CVERecord?id=CVE-2023-27509" }, { "name": "CVE-2023-31246", "url": "https://www.cve.org/CVERecord?id=CVE-2023-31246" }, { "name": "CVE-2023-23577", "url": "https://www.cve.org/CVERecord?id=CVE-2023-23577" }, { "name": "CVE-2022-44611", "url": "https://www.cve.org/CVERecord?id=CVE-2022-44611" }, { "name": "CVE-2023-28736", "url": "https://www.cve.org/CVERecord?id=CVE-2023-28736" }, { "name": "CVE-2023-29243", "url": "https://www.cve.org/CVERecord?id=CVE-2023-29243" }, { "name": "CVE-2023-34086", "url": "https://www.cve.org/CVERecord?id=CVE-2023-34086" }, { "name": "CVE-2023-27392", "url": "https://www.cve.org/CVERecord?id=CVE-2023-27392" }, { "name": "CVE-2023-24016", "url": "https://www.cve.org/CVERecord?id=CVE-2023-24016" }, { "name": "CVE-2022-27635", "url": "https://www.cve.org/CVERecord?id=CVE-2022-27635" }, { "name": "CVE-2023-28823", "url": "https://www.cve.org/CVERecord?id=CVE-2023-28823" }, { "name": "CVE-2023-22356", "url": "https://www.cve.org/CVERecord?id=CVE-2023-22356" }, { "name": "CVE-2023-27506", "url": "https://www.cve.org/CVERecord?id=CVE-2023-27506" }, { "name": "CVE-2023-32547", "url": "https://www.cve.org/CVERecord?id=CVE-2023-32547" }, { "name": "CVE-2022-36372", "url": "https://www.cve.org/CVERecord?id=CVE-2022-36372" }, { "name": "CVE-2023-25773", "url": "https://www.cve.org/CVERecord?id=CVE-2023-25773" }, { "name": "CVE-2023-28658", "url": "https://www.cve.org/CVERecord?id=CVE-2023-28658" }, { "name": "CVE-2022-37343", "url": "https://www.cve.org/CVERecord?id=CVE-2022-37343" }, { "name": "CVE-2022-36392", "url": "https://www.cve.org/CVERecord?id=CVE-2022-36392" }, { "name": "CVE-2023-27515", "url": "https://www.cve.org/CVERecord?id=CVE-2023-27515" }, { "name": "CVE-2022-38076", "url": "https://www.cve.org/CVERecord?id=CVE-2022-38076" }, { "name": 
"CVE-2023-27391", "url": "https://www.cve.org/CVERecord?id=CVE-2023-27391" }, { "name": "CVE-2022-37336", "url": "https://www.cve.org/CVERecord?id=CVE-2022-37336" }, { "name": "CVE-2023-28385", "url": "https://www.cve.org/CVERecord?id=CVE-2023-28385" }, { "name": "CVE-2023-25944", "url": "https://www.cve.org/CVERecord?id=CVE-2023-25944" }, { "name": "CVE-2023-29500", "url": "https://www.cve.org/CVERecord?id=CVE-2023-29500" }, { "name": "CVE-2023-22841", "url": "https://www.cve.org/CVERecord?id=CVE-2023-22841" }, { "name": "CVE-2022-38102", "url": "https://www.cve.org/CVERecord?id=CVE-2022-38102" }, { "name": "CVE-2023-22444", "url": "https://www.cve.org/CVERecord?id=CVE-2023-22444" }, { "name": "CVE-2023-32609", "url": "https://www.cve.org/CVERecord?id=CVE-2023-32609" }, { "name": "CVE-2023-28938", "url": "https://www.cve.org/CVERecord?id=CVE-2023-28938" }, { "name": "CVE-2023-28711", "url": "https://www.cve.org/CVERecord?id=CVE-2023-28711" }, { "name": "CVE-2023-28714", "url": "https://www.cve.org/CVERecord?id=CVE-2023-28714" }, { "name": "CVE-2023-22276", "url": "https://www.cve.org/CVERecord?id=CVE-2023-22276" }, { "name": "CVE-2023-33867", "url": "https://www.cve.org/CVERecord?id=CVE-2023-33867" }, { "name": "CVE-2022-29871", "url": "https://www.cve.org/CVERecord?id=CVE-2022-29871" }, { "name": "CVE-2022-40982", "url": "https://www.cve.org/CVERecord?id=CVE-2022-40982" }, { "name": "CVE-2022-29887", "url": "https://www.cve.org/CVERecord?id=CVE-2022-29887" }, { "name": "CVE-2023-32656", "url": "https://www.cve.org/CVERecord?id=CVE-2023-32656" }, { "name": "CVE-2023-22449", "url": "https://www.cve.org/CVERecord?id=CVE-2023-22449" }, { "name": "CVE-2023-25757", "url": "https://www.cve.org/CVERecord?id=CVE-2023-25757" }, { "name": "CVE-2023-25182", "url": "https://www.cve.org/CVERecord?id=CVE-2023-25182" }, { "name": "CVE-2022-29470", "url": "https://www.cve.org/CVERecord?id=CVE-2022-29470" }, { "name": "CVE-2023-29494", "url": 
"https://www.cve.org/CVERecord?id=CVE-2023-29494" }, { "name": "CVE-2023-28380", "url": "https://www.cve.org/CVERecord?id=CVE-2023-28380" }, { "name": "CVE-2022-41984", "url": "https://www.cve.org/CVERecord?id=CVE-2022-41984" }, { "name": "CVE-2023-22840", "url": "https://www.cve.org/CVERecord?id=CVE-2023-22840" }, { "name": "CVE-2022-40964", "url": "https://www.cve.org/CVERecord?id=CVE-2022-40964" }, { "name": "CVE-2023-34355", "url": "https://www.cve.org/CVERecord?id=CVE-2023-34355" }, { "name": "CVE-2022-38973", "url": "https://www.cve.org/CVERecord?id=CVE-2022-38973" }, { "name": "CVE-2022-34657", "url": "https://www.cve.org/CVERecord?id=CVE-2022-34657" }, { "name": "CVE-2023-29151", "url": "https://www.cve.org/CVERecord?id=CVE-2023-29151" }, { "name": "CVE-2022-43505", "url": "https://www.cve.org/CVERecord?id=CVE-2022-43505" }, { "name": "CVE-2022-36351", "url": "https://www.cve.org/CVERecord?id=CVE-2022-36351" }, { "name": "CVE-2023-34438", "url": "https://www.cve.org/CVERecord?id=CVE-2023-34438" }, { "name": "CVE-2023-28405", "url": "https://www.cve.org/CVERecord?id=CVE-2023-28405" }, { "name": "CVE-2023-34427", "url": "https://www.cve.org/CVERecord?id=CVE-2023-34427" }, { "name": "CVE-2023-32663", "url": "https://www.cve.org/CVERecord?id=CVE-2023-32663" }, { "name": "CVE-2022-41804", "url": "https://www.cve.org/CVERecord?id=CVE-2022-41804" }, { "name": "CVE-2022-45112", "url": "https://www.cve.org/CVERecord?id=CVE-2022-45112" }, { "name": "CVE-2023-27505", "url": "https://www.cve.org/CVERecord?id=CVE-2023-27505" }, { "name": "CVE-2023-33877", "url": "https://www.cve.org/CVERecord?id=CVE-2023-33877" }, { "name": "CVE-2023-22330", "url": "https://www.cve.org/CVERecord?id=CVE-2023-22330" }, { "name": "CVE-2023-27887", "url": "https://www.cve.org/CVERecord?id=CVE-2023-27887" }, { "name": "CVE-2022-43456", "url": "https://www.cve.org/CVERecord?id=CVE-2022-43456" }, { "name": "CVE-2023-32285", "url": "https://www.cve.org/CVERecord?id=CVE-2023-32285" }, { "name": 
"CVE-2022-46329", "url": "https://www.cve.org/CVERecord?id=CVE-2022-46329" }, { "name": "CVE-2023-32543", "url": "https://www.cve.org/CVERecord?id=CVE-2023-32543" }, { "name": "CVE-2023-34349", "url": "https://www.cve.org/CVERecord?id=CVE-2023-34349" }, { "name": "CVE-2023-22338", "url": "https://www.cve.org/CVERecord?id=CVE-2023-22338" }, { "name": "CVE-2023-26587", "url": "https://www.cve.org/CVERecord?id=CVE-2023-26587" }, { "name": "CVE-2023-30760", "url": "https://www.cve.org/CVERecord?id=CVE-2023-30760" }, { "name": "CVE-2022-44612", "url": "https://www.cve.org/CVERecord?id=CVE-2022-44612" }, { "name": "CVE-2023-25775", "url": "https://www.cve.org/CVERecord?id=CVE-2023-25775" }, { "name": "CVE-2022-27879", "url": "https://www.cve.org/CVERecord?id=CVE-2022-27879" }, { "name": "CVE-2022-25864", "url": "https://www.cve.org/CVERecord?id=CVE-2022-25864" }, { "name": "CVE-2023-23908", "url": "https://www.cve.org/CVERecord?id=CVE-2023-23908" }, { "name": "CVE-2022-38083", "url": "https://www.cve.org/CVERecord?id=CVE-2022-38083" } ], "initial_release_date": "2023-08-09T00:00:00", "last_revision_date": "2023-08-09T00:00:00", "links": [], "reference": "CERTFR-2023-AVI-0640", "revisions": [ { "description": "Version initiale", "revision_date": "2023-08-09T00:00:00.000000" } ], "risks": [ { "description": "D\u00e9ni de service" }, { "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es" }, { "description": "\u00c9l\u00e9vation de privil\u00e8ges" } ], "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Intel.\nElles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service, une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une \u00e9l\u00e9vation de\nprivil\u00e8ges.\n", "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Intel", "vendor_advisories": [ { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00846 du 08 ao\u00fbt 2023", "url": 
"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00846.html" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00844 du 08 ao\u00fbt 2023", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00844.html" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00897 du 08 ao\u00fbt 2023", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00897.html" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00893 du 08 ao\u00fbt 2023", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00893.html" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00899 du 08 ao\u00fbt 2023", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00899.html" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00828 du 08 ao\u00fbt 2023", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00828.html" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00813 du 08 ao\u00fbt 2023", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00813.html" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00912 du 08 ao\u00fbt 2023", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00912.html" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00859 du 08 ao\u00fbt 2023", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00859.html" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00932 du 08 ao\u00fbt 2023", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00932.html" }, { "published_at": null, "title": "Bulletin de 
s\u00e9curit\u00e9 Intel intel-sa-00812 du 08 ao\u00fbt 2023", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00812.html" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00892 du 08 ao\u00fbt 2023", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00892.html" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00934 du 08 ao\u00fbt 2023", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00934.html" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00795 du 08 ao\u00fbt 2023", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00795.html" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00938 du 08 ao\u00fbt 2023", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00938.html" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00826 du 08 ao\u00fbt 2023", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00826.html" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00862 du 08 ao\u00fbt 2023", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00862.html" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00818 du 08 ao\u00fbt 2023", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00818.html" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00836 du 08 ao\u00fbt 2023", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00836.html" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00840 du 08 ao\u00fbt 2023", "url": 
"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00840.html" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00873 du 08 ao\u00fbt 2023", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00873.html" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00742 du 08 ao\u00fbt 2023", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00742.html" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00794 du 08 ao\u00fbt 2023", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00794.html" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00766 du 08 ao\u00fbt 2023", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00766.html" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00879 du 08 ao\u00fbt 2023", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00879.html" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00905 du 08 ao\u00fbt 2023", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00905.html" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00837 du 08 ao\u00fbt 2023", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00837.html" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00783 du 08 ao\u00fbt 2023", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00783.html" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00830 du 08 ao\u00fbt 2023", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00830.html" }, { "published_at": null, "title": "Bulletin de 
s\u00e9curit\u00e9 Intel intel-sa-00842 du 08 ao\u00fbt 2023", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00842.html" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00877 du 08 ao\u00fbt 2023", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00877.html" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00848 du 08 ao\u00fbt 2023", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00848.html" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00829 du 08 ao\u00fbt 2023", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00829.html" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00917 du 08 ao\u00fbt 2023", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00917.html" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00946 du 08 ao\u00fbt 2023", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00946.html" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00800 du 08 ao\u00fbt 2023", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00800.html" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00890 du 08 ao\u00fbt 2023", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00890.html" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00850 du 08 ao\u00fbt 2023", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00850.html" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00849 du 08 ao\u00fbt 2023", "url": 
"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00849.html" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00868 du 08 ao\u00fbt 2023", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00868.html" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00878 du 08 ao\u00fbt 2023", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00878.html" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00907 du 08 ao\u00fbt 2023", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00907.html" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00690 du 08 ao\u00fbt 2023", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00690.html" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00875 du 08 ao\u00fbt 2023", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00875.html" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00872 du 08 ao\u00fbt 2023", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00872.html" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00835 du 08 ao\u00fbt 2023", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00835.html" } ] }
ghsa-4953-8925-rqj6
Vulnerability from github
Buffer overflow in some Intel(R) SSD Tools software before version mdadm-4.2-rc2 may allow a privileged user to potentially enable escalation of privilege via local access.
{ "affected": [], "aliases": [ "CVE-2023-28736" ], "database_specific": { "cwe_ids": [ "CWE-120" ], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2023-08-11T03:15:25Z", "severity": "MODERATE" }, "details": "Buffer overflow in some Intel(R) SSD Tools software before version mdadm-4.2-rc2 may allow a privileged user to potentially enable escalation of privilege via local access.", "id": "GHSA-4953-8925-rqj6", "modified": "2024-04-04T06:51:18Z", "published": "2023-08-11T03:30:21Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28736" }, { "type": "WEB", "url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00690.html" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L", "type": "CVSS_V3" } ] }
fkie_cve-2023-28736
Vulnerability from fkie_nvd
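6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H (NVD primary assessment, source nvd@nist.gov; the CNA, secure@intel.com, scores the same issue 5.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L, so the two records differ on scope and impact)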
Vendor | Product | Version | |
---|---|---|---|
mdadm_project | mdadm | * | |
mdadm_project | mdadm | 4.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mdadm_project:mdadm:*:*:*:*:*:*:*:*", "matchCriteriaId": "57006DDC-FD21-43BC-9DE8-6E03993FAB65", "versionEndExcluding": "4.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mdadm_project:mdadm:4.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "2D9C5AB9-778F-4A22-91E2-04A124833A49", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Buffer overflow in some Intel(R) SSD Tools software before version mdadm-4.2-rc2 may allow a privileged user to potentially enable escalation of privilege via local access." } ], "id": "CVE-2023-28736", "lastModified": "2024-11-21T07:55:53.890", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L", "version": "3.1" }, "exploitabilityScore": 1.5, "impactScore": 3.7, "source": "secure@intel.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-08-11T03:15:25.950", "references": [ { "source": "secure@intel.com", "tags": [ "Vendor Advisory" ], "url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00690.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": 
"http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00690.html" } ], "sourceIdentifier": "secure@intel.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-120" } ], "source": "secure@intel.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-120" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.