Severity
Medium
Analysis Summary
CVE-2023-28739 CVSS:6.7
Intel Chipset Driver Software could allow a local authenticated attacker to gain elevated privileges on the system, caused by incorrect default permissions. An attacker could exploit this vulnerability to gain elevated privileges.
CVE-2023-29153 CVSS:4.9
Intel Server Platform Services firmware is vulnerable to a denial of service, caused by an uncontrolled resource consumption. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service.
CVE-2023-28396 CVSS:6.1
Intel JHL8440 Thunderbolt 4 Controller firmware is vulnerable to a denial of service, caused by improper access control. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service.
CVE-2023-41252 CVSS:6.5
Intel QuickAssist Technology (QAT) software drivers for Windows are vulnerable to a denial of service, caused by an out-of-bounds read. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
Impact
- Privilege Escalation
- Denial of Service
Indicators of Compromise
CVE
- CVE-2023-28739
- CVE-2023-29153
- CVE-2023-28396
- CVE-2023-41252
Affected Vendors
Affected Products
- Intel Server Platform Services SPS_E5_06
- Intel Chipset Driver Software 9.4.0.1017
- Intel Chipset Driver Software 9.0.0.1011
- Intel Chipset Driver Software 9.1.1.1025
- Intel JHL8440 Thunderbolt 4 Controller 40
- Intel QuickAssist Technology 1.11.0-0006 Windows
- Intel QuickAssist Technology 1.7.W.1.6.0-0009 Windows
Remediation
Refer to INTEL Security Advisory for patch, upgrade or suggested workaround information.