Severity
Medium
Analysis Summary
CVE-2023-28739 CVSS:6.7
Intel Chipset Driver Software could allow a local authenticated attacker to gain elevated privileges on the system, caused by incorrect default permissions. An attacker could exploit this vulnerability to gain elevated privileges.
CVE-2023-29153 CVSS:4.9
Intel Server Platform Services firmware is vulnerable to a denial of service, caused by an uncontrolled resource consumption. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service.
CVE-2023-28396 CVSS:6.1
Intel JHL8440 Thunderbolt 4 Controller firmware is vulnerable to a denial of service, caused by improper access control. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service.
CVE-2023-41252 CVSS:6.5
Intel QuickAssist Technology (QAT) software drivers for Windows are vulnerable to a denial of service, caused by an out-of-bounds read. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
Impact
- Privilege Escalation
- Denial of Service
Indicators of Compromise
CVE
- CVE-2023-28739
- CVE-2023-29153
- CVE-2023-28396
- CVE-2023-41252
Affected Vendors
- Intel
Affected Products
- Intel Server Platform Services SPS_E5_06
- Intel Chipset Driver Software 9.4.0.1017
- Intel Chipset Driver Software 9.0.0.1011
- Intel Chipset Driver Software 9.1.1.1025
- Intel JHL8440 Thunderbolt 4 Controller 40
- Intel QuickAssist Technology 1.11.0-0006 Windows
- Intel QuickAssist Technology 1.7.W.1.6.0-0009 Windows
Remediation
Refer to the Intel Security Advisory for patch, upgrade, or suggested workaround information.