Analysis Summary

CVE-2023-25945 CVSS:6.7

Intel One Boot Flash Update (OFU) software could allow a local authenticated attacker to gain elevated privileges on the system, caused by a protection mechanism failure. An attacker could exploit this vulnerability to gain elevated privileges.

CVE-2023-32646 CVSS:6.7

Intel Virtual RAID on CPU (VROC) software could allow a local authenticated attacker to gain elevated privileges on the system, caused by an uncontrolled search path. By placing a specially crafted file in the search path, an attacker could exploit this vulnerability to gain elevated privileges on the system.

CVE-2023-39425 CVSS:8.8

Intel Driver & Support Assistant (DSA) software could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper access control. An attacker could exploit this vulnerability to gain elevated privileges.

CVE-2023-30767 CVSS:5.5

Intel Optimization for TensorFlow could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper bounds checking. An attacker could exploit this vulnerability to gain elevated privileges.

CVE-2023-39432 CVSS:6.7

Intel Ethernet tools and driver install software could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper access control. By sending a specially crafted request, an attacker could exploit this vulnerability to gain elevated privileges.

Impact

• Privilege Escalation
• Gain Access

Indicators of Compromise

CVE

• CVE-2023-25945
• CVE-2023-32646
• CVE-2023-39425
• CVE-2023-30767
• CVE-2023-39432

Affected Vendors

Affected Products

• Intel One Boot Flash Update (OFU) 14.1.30
• Intel One Boot Flash Update (OFU) 14.1.28
• Intel Virtual RAID on CPU (VROC) 8.0
• Intel Virtual RAID on CPU (VROC) 7.7
• Intel Virtual RAID on CPU (VROC) 7.6
• Intel Virtual RAID on CPU (VROC) 7.5
• Intel Virtual RAID on CPU (VROC) 7.0
• Intel Optimization for TensorFlow 2.13.0-rc2
• Intel Optimization for TensorFlow 2.13.0-rc1
• Intel Optimization for TensorFlow 2.13.0-rc0
• Intel Optimization for TensorFlow 2.12.0
• Intel Optimization for TensorFlow 2.11.1
• Intel Optimization for TensorFlow 2.9.3
• Intel Optimization for TensorFlow 2.8.4
• Intel Optimization for TensorFlow 2.10.0
• Intel Optimization for TensorFlow 2.9.2
• Intel Optimization for TensorFlow 2.8.3
• Intel Optimization for TensorFlow 2.9.0
• Intel Optimization for TensorFlow 2.7.3
• Intel Optimization for TensorFlow 2.8.2
• Intel Optimization for TensorFlow 2.6.5
• Intel Optimization for TensorFlow 2.9.1
• Intel Optimization for TensorFlow 2.7.4
• Intel Ethernet tools and driver install software 28.1
• Intel Ethernet tools and driver install software 28.0
• Intel Driver and Support Assistant (DSA) 22.5.33
• Intel Driver and Support Assistant (DSA) 22.5.34
• Intel Driver and Support Assistant (DSA) 22.6.42
• Intel Driver and Support Assistant (DSA) 22.8.50
• Intel Driver and Support Assistant (DSA) 23.1.9
• Intel Driver and Support Assistant (DSA) 23.2.17
• Intel Driver and Support Assistant (DSA) 23.3.25

Remediation

Refer to INTEL-Security Advisory for patch, upgrade or suggested workaround information.

CVE-2023-25945

CVE-2023-32646

CVE-2023-39425

CVE-2023-30767

CVE-2023-39432