{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2023-28746", "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "state": "PUBLISHED", "assignerShortName": "intel", "dateReserved": "2023-05-05T03:00:03.623Z", "datePublished": "2024-03-14T16:45:50.370Z", "dateUpdated": "2024-08-02T13:51:38.519Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel", "dateUpdated": "2024-03-14T16:45:50.370Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "description": "information disclosure"}, {"lang": "en", "description": "Information exposure through microarchitectural state after transient execution from some register files", "cweId": "CWE-1342", "type": "CWE"}]}], "affected": [{"vendor": "n/a", "product": "Intel(R) Atom(R) Processors", "versions": [{"version": "See references", "status": "affected"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access."}], "references": [{"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00898.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00898.html"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZON4TLXG7TG4A2XZG563JMVTGQW4SF3A/"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H63LGAQXPEVJOES73U4XK65I6DASOAAG/"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EIUICU6CVJUIB6BPJ7P5QTPQR5VOBHFK/"}, {"url": "http://www.openwall.com/lists/oss-security/2024/03/12/13"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00003.html"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}}]}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-28746", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-03-14T18:58:08.088339Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:28:56.120Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T13:51:38.519Z"}, "title": "CVE Program Container", "references": [{"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00898.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00898.html", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZON4TLXG7TG4A2XZG563JMVTGQW4SF3A/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H63LGAQXPEVJOES73U4XK65I6DASOAAG/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EIUICU6CVJUIB6BPJ7P5QTPQR5VOBHFK/", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/03/12/13", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00003.html", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html", "tags": ["x_transferred"]}]}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00898.html", "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00898.html", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZON4TLXG7TG4A2XZG563JMVTGQW4SF3A/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H63LGAQXPEVJOES73U4XK65I6DASOAAG/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EIUICU6CVJUIB6BPJ7P5QTPQR5VOBHFK/", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/03/12/13", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00003.html", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T13:51:38.519Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-28746", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-03-14T18:58:08.088339Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:01:17.787Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "n/a", "product": "Intel(R) Atom(R) Processors", "versions": [{"status": "affected", "version": "See references"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00898.html", "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00898.html"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZON4TLXG7TG4A2XZG563JMVTGQW4SF3A/"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H63LGAQXPEVJOES73U4XK65I6DASOAAG/"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EIUICU6CVJUIB6BPJ7P5QTPQR5VOBHFK/"}, {"url": "http://www.openwall.com/lists/oss-security/2024/03/12/13"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00003.html"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"}], "descriptions": [{"lang": "en", "value": "Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "information disclosure"}, {"lang": "en", "type": "CWE", "cweId": "CWE-1342", "description": "Information exposure through microarchitectural state after transient execution from some register files"}]}], "providerMetadata": {"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel", "dateUpdated": "2024-03-14T16:45:50.370Z"}}}, "cveMetadata": {"cveId": "CVE-2023-28746", "state": "PUBLISHED", "dateUpdated": "2024-08-02T13:51:38.519Z", "dateReserved": "2023-05-05T03:00:03.623Z", "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "datePublished": "2024-03-14T16:45:50.370Z", "assignerShortName": "intel"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access."}, {"lang": "es", "value": "La exposici\u00f3n de la informaci\u00f3n a trav\u00e9s del estado de la microarquitectura despu\u00e9s de la ejecuci\u00f3n transitoria de algunos archivos de registro para algunos procesadores Intel(R) Atom(R) puede permitir que un usuario autenticado potencialmente habilite la divulgaci\u00f3n de informaci\u00f3n a trav\u00e9s del acceso local."}], "id": "CVE-2023-28746", "lastModified": "2024-06-25T23:15:21.940", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.0, "impactScore": 4.0, "source": "secure@intel.com", "type": "Secondary"}]}, "published": "2024-03-14T17:15:50.533", "references": [{"source": "secure@intel.com", "url": "http://www.openwall.com/lists/oss-security/2024/03/12/13"}, {"source": "secure@intel.com", "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00003.html"}, {"source": "secure@intel.com", "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"}, {"source": "secure@intel.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EIUICU6CVJUIB6BPJ7P5QTPQR5VOBHFK/"}, {"source": "secure@intel.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H63LGAQXPEVJOES73U4XK65I6DASOAAG/"}, {"source": "secure@intel.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZON4TLXG7TG4A2XZG563JMVTGQW4SF3A/"}, {"source": "secure@intel.com", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00898.html"}], "sourceIdentifier": "secure@intel.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1342"}], "source": "secure@intel.com", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2024:5101", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kernel-0:4.18.0-553.16.1.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-08-08T00:00:00Z"}], "bugzilla": {"description": "kernel: Local information disclosure on Intel(R) Atom(R) processors", "id": "2270700", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270700"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "status": "verified"}, "cwe": "CWE-1342", "details": ["Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.", "A vulnerability was found in some Intel Atom Processor's microcode. This issue may allow a malicious actor to achieve a local information disclosure, impacting the data confidentiality of the targeted system."], "name": "CVE-2023-28746", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "microcode_ctl", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "microcode_ctl", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "microcode_ctl", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "microcode_ctl", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-02-14T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-28746\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-28746\nhttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00898.html"], "threat_severity": "Moderate"}