#VU96077 Buffer overflow in Intel products - CVE-2023-38655

Cybersecurity Help s.r.o.

Published: 2024-08-16

Vulnerability identifier: #VU96077

Vulnerability risk: Low

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-38655

CWE-ID: CWE-119

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Intel C420 Chipset
Hardware solutions / Firmware
Intel X299 Chipset
Hardware solutions / Firmware
Intel C230 series chipset
Hardware solutions / Firmware
2nd Gen Intel Xeon Scalable processor
Hardware solutions / Firmware
Intel Xeon W processor 3200 series
Hardware solutions / Firmware
1st Gen Intel Xeon Scalable processor
Hardware solutions / Firmware
Intel Xeon W processor 3100 series
Hardware solutions / Firmware
8th Gen Intel Core processor
Hardware solutions / Firmware
Intel 200 Series Chipset
Hardware solutions / Firmware
Intel 100 Series Chipset
Hardware solutions / Firmware
Intel 300 Series Chipset
Hardware solutions / Firmware
Intel C240 Series Chipset
Hardware solutions / Firmware
Pentium Gold processor series (G54XXU)
Hardware solutions / Firmware
Celeron processor 4000 series
Hardware solutions / Firmware
Intel 400 Series Chipset
Hardware solutions / Firmware
Intel 500 series chipset
Hardware solutions / Firmware
Intel C250 Series Chipset
Hardware solutions / Firmware
Intel Atom x6000E series
Hardware solutions / Firmware
Intel 600 Series Chipset
Hardware solutions / Firmware
Intel Celeron Processor N Series
Hardware solutions / Firmware
Intel Celeron Processor J Series
Hardware solutions / Firmware
Intel Pentium Processor Silver Series
Hardware solutions / Firmware
Intel Pentium Processor N Series
Hardware solutions / Other hardware appliances
Intel Pentium Processor J Series
Hardware solutions / Other hardware appliances

Vendor: Intel

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in firmware. A local administrator can trigger memory corruption and cause a denail of service condition on the target system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Intel C420 Chipset: before 11.12.95

Intel X299 Chipset: before 11.12.95

Intel C230 series chipset: before 11.12.95

2nd Gen Intel Xeon Scalable processor: before 11.22.95

Intel Xeon W processor 3200 series: before 11.22.95

1st Gen Intel Xeon Scalable processor: before 11.22.95

Intel Xeon W processor 3100 series: before 11.22.95

8th Gen Intel Core processor: before 11.8.95

Intel 200 Series Chipset: before 11.8.95

Intel 100 Series Chipset: before 11.8.95

Intel 300 Series Chipset: before 12.0.94

Intel C240 Series Chipset: before 12.0.94

Pentium Gold processor series (G54XXU): before 12.0.94

Celeron processor 4000 series: before 12.0.94

Intel 400 Series Chipset: before 14.1.72

Intel 500 series chipset: before 15.0.47

Intel C250 Series Chipset: before 15.0.47

Intel Atom x6000E series: before 15.40.32

Intel 600 Series Chipset: before 16.1.30

Intel Pentium Processor N Series: before 15.40.32

Intel Pentium Processor J Series: before 15.40.32

Intel Celeron Processor N Series: before 15.40.32

Intel Celeron Processor J Series: before 15.40.32

Intel Pentium Processor Silver Series: before 13.50.27

External links
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00999.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Intel Chipset Firmware