OpenCVE

Improper restriction of operations within the bounds of a memory buffer in some Intel(R) i915 Graphics drivers for linux before kernel version 6.2.10 may allow an authenticated user to potentially enable escalation of privilege via local access.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Intel	I915 Graphics

Configuration 1 [-]

cpe:2.3:a:intel:i915_graphics:*:*:*:*:*:linux:*:*

No data.

References

Link	Providers
https://github.com/torvalds/linux/commit/3886a86e7e6cc6ce2ce93c440fecd8f42aed0ce7
https://nvd.nist.gov/vuln/detail/CVE-2023-28410
https://security.netapp.com/advisory/ntap-20230622-0004/
https://www.cve.org/CVERecord?id=CVE-2023-28410
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00886.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: intel

Published: 2023-05-10T13:16:37.359Z

Updated: 2024-08-02T12:38:25.378Z

Reserved: 2023-03-22T03:00:05.381Z

Link: CVE-2023-28410

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-05-10T14:15:33.037

Modified: 2024-11-21T07:55:00.717

Link: CVE-2023-28410

Redhat

Severity : Moderate

Publid Date: 2023-05-11T06:30:00Z

Links: CVE-2023-28410 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-28410", "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "state": "PUBLISHED", "assignerShortName": "intel", "dateReserved": "2023-03-22T03:00:05.381Z", "datePublished": "2023-05-10T13:16:37.359Z", "dateUpdated": "2024-08-02T12:38:25.378Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel", "dateUpdated": "2023-05-10T13:16:37.359Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "description": "escalation of privilege"}, {"lang": "en", "description": "Improper restriction of operations within the bounds of a memory buffer", "cweId": "CWE-119", "type": "CWE"}]}], "affected": [{"vendor": "n/a", "product": "Intel(R) i915 Graphics drivers for linux", "versions": [{"version": "before kernel version 6.2.10", "status": "affected"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Improper restriction of operations within the bounds of a memory buffer in some Intel(R) i915 Graphics drivers for linux before kernel version 6.2.10 may allow an authenticated user to potentially enable escalation of privilege via local access."}], "references": [{"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00886.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00886.html"}, {"url": "https://security.netapp.com/advisory/ntap-20230622-0004/"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T12:38:25.378Z"}, "title": "CVE Program Container", "references": [{"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00886.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00886.html", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20230622-0004/", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:intel:i915_graphics:*:*:*:*:*:linux:*:*", "matchCriteriaId": "90E07F2A-FE23-476D-97E1-415A7CC5C13B", "versionEndExcluding": "6.2.10", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Improper restriction of operations within the bounds of a memory buffer in some Intel(R) i915 Graphics drivers for linux before kernel version 6.2.10 may allow an authenticated user to potentially enable escalation of privilege via local access."}], "id": "CVE-2023-28410", "lastModified": "2024-11-21T07:55:00.717", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.0, "impactScore": 6.0, "source": "secure@intel.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-05-10T14:15:33.037", "references": [{"source": "secure@intel.com", "url": "https://security.netapp.com/advisory/ntap-20230622-0004/"}, {"source": "secure@intel.com", "tags": ["Vendor Advisory"], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00886.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20230622-0004/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00886.html"}], "sourceIdentifier": "secure@intel.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "secure@intel.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "hw: Intel: Improper restriction in memory buffer in graphics drivers cause escalation of privilege", "id": "2203831", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2203831"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "details": ["Improper restriction of operations within the bounds of a memory buffer in some Intel(R) i915 Graphics drivers for linux before kernel version 6.2.10 may allow an authenticated user to potentially enable escalation of privilege via local access.", "A flaw was found in the Linux kernel i915 graphics driver that improperly restricts operations within the bounds of a memory buffer. This issue could allow a local user to crash the system or potentially escalate their privileges on the system."], "mitigation": {"lang": "en:us", "value": "Preventing loading the i915 kernel module will prevent attackers from using this exploit against the system; however, the power management functionality of the card will be disabled and the system may draw additional power. See the kcs \u201cHow do I blacklist a kernel module to prevent it from loading automatically?\u201c (https://access.redhat.com/solutions/41278) for instructions on how to disable a kernel module from autoloading. Graphical displays may also be at low resolution or not work correctly.\nThis mitigation may not be suitable if the graphical login functionality is required."}, "name": "CVE-2023-28410", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2023-05-11T06:30:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-28410\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-28410\nhttps://github.com/torvalds/linux/commit/3886a86e7e6cc6ce2ce93c440fecd8f42aed0ce7"], "statement": "This has been rated as having a Moderate security impact until more information is available, such as exploit or description. The potential corruption of memory is expected to have impact on availability, leading to a system crash.", "threat_severity": "Moderate"}