{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2023-47855", "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "state": "PUBLISHED", "assignerShortName": "intel", "dateReserved": "2023-11-18T04:00:12.356Z", "datePublished": "2024-05-16T20:47:25.146Z", "dateUpdated": "2025-02-13T17:18:10.345Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel", "dateUpdated": "2024-06-21T19:08:44.550Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "description": "escalation of privilege"}, {"lang": "en", "description": "Improper input validation", "cweId": "CWE-20", "type": "CWE"}]}], "affected": [{"vendor": "n/a", "product": "Intel(R) TDX module software", "versions": [{"version": "before version 1.5.05.46.698", "status": "affected"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Improper input validation in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable escalation of privilege via local access."}], "references": [{"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01036.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01036.html"}, {"url": "https://security.netapp.com/advisory/ntap-20240621-0003/"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseScore": 6, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE"}}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T21:16:43.722Z"}, "title": "CVE Program Container", "references": [{"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01036.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01036.html", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20240621-0003/", "tags": ["x_transferred"]}]}, {"affected": [{"vendor": "intel", "product": "trust_domain_extensions_module", "cpes": ["cpe:2.3:a:intel:trust_domain_extensions_module:*:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "0", "status": "affected", "lessThan": "1.5.05.46.698", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-21T15:16:15.492538Z", "id": "CVE-2023-47855", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-21T16:50:21.497Z"}}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01036.html", "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01036.html", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20240621-0003/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T21:16:43.722Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-47855", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-08-21T15:16:15.492538Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:intel:trust_domain_extensions_module:*:*:*:*:*:*:*:*"], "vendor": "intel", "product": "trust_domain_extensions_module", "versions": [{"status": "affected", "version": "0", "lessThan": "1.5.05.46.698", "versionType": "custom"}], "defaultStatus": "unaffected"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-21T15:20:19.818Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "n/a", "product": "Intel(R) TDX module software", "versions": [{"status": "affected", "version": "before version 1.5.05.46.698"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01036.html", "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01036.html"}, {"url": "https://security.netapp.com/advisory/ntap-20240621-0003/"}], "descriptions": [{"lang": "en", "value": "Improper input validation in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable escalation of privilege via local access."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "escalation of privilege"}, {"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "Improper input validation"}]}], "providerMetadata": {"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel", "dateUpdated": "2024-06-21T19:08:44.550Z"}}}, "cveMetadata": {"cveId": "CVE-2023-47855", "state": "PUBLISHED", "dateUpdated": "2025-02-13T17:18:10.345Z", "dateReserved": "2023-11-18T04:00:12.356Z", "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "datePublished": "2024-05-16T20:47:25.146Z", "assignerShortName": "intel"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:intel:tdx_module:*:*:*:*:*:*:*:*", "matchCriteriaId": "C01083F4-652C-4329-8ED3-54B290DE465C", "versionEndExcluding": "1.5.05.46.698", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:hci_compute_node_bios:-:*:*:*:*:*:*:*", "matchCriteriaId": "7C61DF9A-ABDE-44A2-A060-B088428D5064", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper input validation in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable escalation of privilege via local access."}, {"lang": "es", "value": " La validaci\u00f3n de entrada incorrecta en alg\u00fan software de m\u00f3dulo Intel(R) TDX anterior a la versi\u00f3n 1.5.05.46.698 puede permitir que un usuario privilegiado habilite potencialmente la escalada de privilegios a trav\u00e9s del acceso local."}], "id": "CVE-2023-47855", "lastModified": "2025-09-02T13:57:55.683", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.2, "source": "secure@intel.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-05-16T21:16:00.630", "references": [{"source": "secure@intel.com", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20240621-0003/"}, {"source": "secure@intel.com", "tags": ["Vendor Advisory"], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01036.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20240621-0003/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01036.html"}], "sourceIdentifier": "secure@intel.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "secure@intel.com", "type": "Secondary"}]}

{"bugzilla": {"description": "intel-microcode: Improper input validation in some Intel\u00ae TDX module software", "id": "2292302", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2292302"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "status": "draft"}, "cwe": "CWE-20", "details": ["Improper input validation in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable escalation of privilege via local access.", "A flaw was found in intel-microcode. Improper input validation in some Intel\u00ae TDX module software may allow a privileged user to enable escalation of privileges via local access."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2023-47855", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "microcode_ctl", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "microcode_ctl", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "microcode_ctl", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "microcode_ctl", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "microcode_ctl", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-05-14T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-47855\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-47855\nhttps://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240514\nhttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01036.html"], "threat_severity": "Moderate"}

{}