{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2023-45745", "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "state": "PUBLISHED", "assignerShortName": "intel", "dateReserved": "2023-11-27T04:00:20.170Z", "datePublished": "2024-05-16T20:47:24.558Z", "dateUpdated": "2024-08-02T20:29:31.699Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel", "dateUpdated": "2024-05-16T20:47:24.558Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "description": "escalation of privilege"}, {"lang": "en", "description": "Improper input validation", "cweId": "CWE-20", "type": "CWE"}]}], "affected": [{"vendor": "n/a", "product": "Intel(R) TDX module software", "versions": [{"version": "before version 1.5.05.46.698", "status": "affected"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Improper input validation in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable escalation of privilege via local access."}], "references": [{"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01036.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01036.html"}, {"url": "https://security.netapp.com/advisory/ntap-20240621-0003/"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseScore": 7.9, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE"}}]}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-45745", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-05-24T15:36:31.062876Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:intel:tdx_module_software:1.5.05.46.698:*:*:*:*:*:*:*"], "vendor": "intel", "product": "tdx_module_software", "versions": [{"status": "affected", "version": "1.5.05.46.698"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:20:08.366Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T20:29:31.699Z"}, "title": "CVE Program Container", "references": [{"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01036.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01036.html", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20240621-0003/", "tags": ["x_transferred"]}]}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01036.html", "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01036.html", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20240621-0003/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T20:29:31.699Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-45745", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-05-24T15:36:31.062876Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:intel:tdx_module_software:1.5.05.46.698:*:*:*:*:*:*:*"], "vendor": "intel", "product": "tdx_module_software", "versions": [{"status": "affected", "version": "1.5.05.46.698"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-24T15:37:31.224Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.9, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "n/a", "product": "Intel(R) TDX module software", "versions": [{"status": "affected", "version": "before version 1.5.05.46.698"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01036.html", "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01036.html"}, {"url": "https://security.netapp.com/advisory/ntap-20240621-0003/"}], "descriptions": [{"lang": "en", "value": "Improper input validation in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable escalation of privilege via local access."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "escalation of privilege"}, {"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "Improper input validation"}]}], "providerMetadata": {"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel", "dateUpdated": "2024-05-16T20:47:24.558Z"}}}, "cveMetadata": {"cveId": "CVE-2023-45745", "state": "PUBLISHED", "dateUpdated": "2024-08-02T20:29:31.699Z", "dateReserved": "2023-11-27T04:00:20.170Z", "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "datePublished": "2024-05-16T20:47:24.558Z", "assignerShortName": "intel"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Improper input validation in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable escalation of privilege via local access."}, {"lang": "es", "value": " La validaci\u00f3n de entrada incorrecta en alg\u00fan software de m\u00f3dulo Intel(R) TDX anterior a la versi\u00f3n 1.5.05.46.698 puede permitir que un usuario privilegiado habilite potencialmente la escalada de privilegios a trav\u00e9s del acceso local."}], "id": "CVE-2023-45745", "lastModified": "2024-06-21T19:15:29.473", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.9, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.5, "impactScore": 5.8, "source": "secure@intel.com", "type": "Secondary"}]}, "published": "2024-05-16T21:15:58.507", "references": [{"source": "secure@intel.com", "url": "https://security.netapp.com/advisory/ntap-20240621-0003/"}, {"source": "secure@intel.com", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01036.html"}], "sourceIdentifier": "secure@intel.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "secure@intel.com", "type": "Secondary"}]}

{"bugzilla": {"description": "intel-microcode: Improper input validation in some Intel(R) TDX module software", "id": "2292298", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2292298"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.9", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N", "status": "draft"}, "cwe": "CWE-20", "details": ["Improper input validation in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable escalation of privilege via local access.", "A flaw was found in intel-microcode. Improper input validation in some Intel(R) TDX module software may allow a privileged user to enable escalation of privilege via local access."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2023-45745", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "microcode_ctl", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "microcode_ctl", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "microcode_ctl", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "microcode_ctl", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-05-14T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-45745\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-45745\nhttps://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240514\nhttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01036.html"], "statement": "This vulnerability does not affect any versions of Red Hat Enterprise Linux.", "threat_severity": "Important"}