Analysis Summary

CVE-2023-31189 CVSS:5.3

Intel OpenBMC firmware could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper authentication. An attacker could exploit this vulnerability to gain elevated privileges.

CVE-2023-27517 CVSS:6.6

Intel Optane Persistent Memory (PMem) management software could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper access control. An attacker could exploit this vulnerability to gain elevated privileges on the system.

CVE-2023-39941 CVSS:7.1

Intel System Usage Report (SUR) software is vulnerable to a denial of service, caused by improper access control. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service.

Impact

• Privilege Escalation
• Denial of Service

Indicators of Compromise

CVE

• CVE-2023-31189
• CVE-2023-27517
• CVE-2023-39941

Affected Vendors

Affected Products

• Intel OpenBMC egs-1.04
• Intel OpenBMC egs-1.03
• Intel OpenBMC egs-1.02
• Intel OpenBMC egs-1.01
• Intel Optane Persistent Memory (PMem) 03.00.00.0476
• Intel Optane Persistent Memory (PMem) 03.00.00.0468
• Intel Optane Persistent Memory (PMem) 03.00.00.0462
• Intel Optane Persistent Memory (PMem) 03.00.00.0455
• Intel Optane Persistent Memory (PMem) 02.00.00.3871
• Intel Optane Persistent Memory (PMem) 02.00.00.3869
• Intel Optane Persistent Memory (PMem) 02.00.00.3866
• Intel Optane Persistent Memory (PMem) 02.00.00.3852
• Intel Optane Persistent Memory (PMem) 01.00.00.3518
• Intel Optane Persistent Memory (PMem) 01.00.00.3515
• Intel Optane Persistent Memory (PMem) 01.00.00.3506
• Intel SUR 2.3
• Intel SUR 2.4

Remediation

Refer to INTEL Security Advisory for patch, upgrade or suggested workaround information.

CVE-2023-31189

CVE-2023-27517

CVE-2023-39941