{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2023-28746", "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "state": "PUBLISHED", "assignerShortName": "intel", "dateReserved": "2023-05-05T03:00:03.623Z", "datePublished": "2024-03-14T16:45:50.370Z", "dateUpdated": "2024-08-02T13:51:38.519Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel", "dateUpdated": "2024-03-14T16:45:50.370Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "description": "information disclosure"}, {"lang": "en", "description": "Information exposure through microarchitectural state after transient execution from some register files", "cweId": "CWE-1342", "type": "CWE"}]}], "affected": [{"vendor": "n/a", "product": "Intel(R) Atom(R) Processors", "versions": [{"version": "See references", "status": "affected"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access."}], "references": [{"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00898.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00898.html"}, {"url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/ZON4TLXG7TG4A2XZG563JMVTGQW4SF3A/"}, {"url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/H63LGAQXPEVJOES73U4XK65I6DASOAAG/"}, {"url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/EIUICU6CVJUIB6BPJ7P5QTPQR5VOBHFK/"}, {"url": "http://www.openwall.com/lists/oss-security/2024/03/12/13"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00003.html"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}}]}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-28746", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-03-14T18:58:08.088339Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:28:56.120Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T13:51:38.519Z"}, "title": "CVE Program Container", "references": [{"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00898.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00898.html", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/ZON4TLXG7TG4A2XZG563JMVTGQW4SF3A/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/H63LGAQXPEVJOES73U4XK65I6DASOAAG/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/EIUICU6CVJUIB6BPJ7P5QTPQR5VOBHFK/", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/03/12/13", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00003.html", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html", "tags": ["x_transferred"]}]}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00898.html", "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00898.html", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/ZON4TLXG7TG4A2XZG563JMVTGQW4SF3A/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/H63LGAQXPEVJOES73U4XK65I6DASOAAG/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/EIUICU6CVJUIB6BPJ7P5QTPQR5VOBHFK/", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/03/12/13", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00003.html", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T13:51:38.519Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-28746", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-03-14T18:58:08.088339Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:01:17.787Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "n/a", "product": "Intel(R) Atom(R) Processors", "versions": [{"status": "affected", "version": "See references"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00898.html", "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00898.html"}, {"url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/ZON4TLXG7TG4A2XZG563JMVTGQW4SF3A/"}, {"url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/H63LGAQXPEVJOES73U4XK65I6DASOAAG/"}, {"url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/EIUICU6CVJUIB6BPJ7P5QTPQR5VOBHFK/"}, {"url": "http://www.openwall.com/lists/oss-security/2024/03/12/13"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00003.html"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"}], "descriptions": [{"lang": "en", "value": "Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "information disclosure"}, {"lang": "en", "type": "CWE", "cweId": "CWE-1342", "description": "Information exposure through microarchitectural state after transient execution from some register files"}]}], "providerMetadata": {"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel", "dateUpdated": "2024-03-14T16:45:50.370Z"}}}, "cveMetadata": {"cveId": "CVE-2023-28746", "state": "PUBLISHED", "dateUpdated": "2024-08-02T13:51:38.519Z", "dateReserved": "2023-05-05T03:00:03.623Z", "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "datePublished": "2024-03-14T16:45:50.370Z", "assignerShortName": "intel"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access."}, {"lang": "es", "value": "La exposici\u00f3n de la informaci\u00f3n a trav\u00e9s del estado de la microarquitectura despu\u00e9s de la ejecuci\u00f3n transitoria de algunos archivos de registro para algunos procesadores Intel(R) Atom(R) puede permitir que un usuario autenticado potencialmente habilite la divulgaci\u00f3n de informaci\u00f3n a trav\u00e9s del acceso local."}], "id": "CVE-2023-28746", "lastModified": "2024-11-21T07:55:55.327", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.0, "impactScore": 4.0, "source": "[email protected]", "type": "Secondary"}]}, "published": "2024-03-14T17:15:50.533", "references": [{"source": "[email protected]", "url": "http://www.openwall.com/lists/oss-security/2024/03/12/13"}, {"source": "[email protected]", "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00003.html"}, {"source": "[email protected]", "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"}, {"source": "[email protected]", "url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/EIUICU6CVJUIB6BPJ7P5QTPQR5VOBHFK/"}, {"source": "[email protected]", "url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/H63LGAQXPEVJOES73U4XK65I6DASOAAG/"}, {"source": "[email protected]", "url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/ZON4TLXG7TG4A2XZG563JMVTGQW4SF3A/"}, {"source": "[email protected]", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00898.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2024/03/12/13"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00003.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/EIUICU6CVJUIB6BPJ7P5QTPQR5VOBHFK/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/H63LGAQXPEVJOES73U4XK65I6DASOAAG/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/ZON4TLXG7TG4A2XZG563JMVTGQW4SF3A/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00898.html"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1342"}], "source": "[email protected]", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2024:5101", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kernel-0:4.18.0-553.16.1.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-08-08T00:00:00Z"}, {"advisory": "RHSA-2024:8162", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-427.40.1.el9_4", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-10-16T00:00:00Z"}, {"advisory": "RHSA-2024:8162", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-427.40.1.el9_4", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-10-16T00:00:00Z"}, {"advisory": "RHSA-2024:9401", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "microcode_ctl-4:20240910-1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}, {"advisory": "RHSA-2024:8157", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "kernel-0:5.14.0-284.88.1.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-10-16T00:00:00Z"}, {"advisory": "RHSA-2024:8158", "cpe": "cpe:/a:redhat:rhel_eus:9.2::nfv", "package": "kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-10-16T00:00:00Z"}], "bugzilla": {"description": "kernel: Local information disclosure on Intel(R) Atom(R) processors", "id": "2270700", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270700"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "status": "verified"}, "cwe": "CWE-1342", "details": ["Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.", "A vulnerability was found in some Intel Atom Processor's microcode. This issue may allow a malicious actor to achieve a local information disclosure, impacting the data confidentiality of the targeted system."], "name": "CVE-2023-28746", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "microcode_ctl", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "microcode_ctl", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "microcode_ctl", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-02-14T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-28746\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-28746\nhttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00898.html"], "threat_severity": "Moderate"}