#VU97439 Race condition in Intel products - CVE-2023-41833

Vulnerability identifier: #VU97439

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2023-41833

CWE-ID: CWE-362

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Intel Atom Processor C Series
Intel Xeon D Processors
Intel Celeron Processor N Series
10th Generation Intel Core Processors
11th Generation Intel Core Processors
Intel Core i7-11700T
Intel Core i7-11700
Intel Core i5-11400T
Intel Core i5-11400
Intel Core i5-11500T
Intel Core i5-11500
Intel Xeon E Processors
Intel Atom Processor C5000
Intel Atom Processor P5000 Series
12th Generation Intel Core Processors
Intel Pentium Gold Processor Series
Intel Celeron Processors
13th Generation Intel Core Processors
Intel Atom Processor X Series
Intel Pentium Silver Processor N Series
Intel Pentium N6005
Intel Celeron N5105
Intel Celeron 6305E/RE
Intel Core i3-1115GRE/G4E
Intel Core i5-1145G7E/GRE
Intel Core i7-1185G7E/GRE
Intel Celeron 6600HE/HLE
Intel Core i3-11100HE
Intel Core i5-11500HE
Intel Core i7-11850HE
Intel Xeon W-11155MLE/MRE
Intel Xeon W-11555MLE/MRE
Intel Xeon W-11865MLE/MRE

Software vendor:
Intel

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition in UEFI firmware. A local privileged user can exploit the race and escalate privileges on the system.

Install updates from vendor's website.

• https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01071.html