A potential security vulnerability in some Intel® Thunderbolt™ Controllers may allow denial of service. Intel is releasing firmware updates to mitigate this potential vulnerability.
CVEID: CVE-2023-28396
Description: Improper access control in firmware for some Intel® Thunderbol™ Controllers versions before 41 may allow a privileged user to enable denial of service via local access.
CVSS Base Score: 6.1 Medium
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:H
Intel® JHL8440 Thunderbolt™ 4 Controller firmware versions before 41.
Intel recommends that users of Intel® Thunderbolt™ Controllers update to the latest version provided by the system manufacturer that addresses these issues.
This issue was found internally by Intel employees.
Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.