INTEL-SA-01045
2024.1 IPU OOB - Intel® Xeon® D Processor Advisory

2024-03-12 00:00:00
Intel Security Center
www.intel.com

AI Score: 6.4 Medium (Confidence: Low)

EPSS: 0.0004 Low (Percentile: 15.3%)

Summary:

A potential security vulnerability in some Intel® Xeon® D Processors with Intel® Software Guard Extensions (SGX) may allow information disclosure. Intel is releasing microcode updates to mitigate this potential vulnerability.

Vulnerability Details:

CVEID: CVE-2023-43490

Description: Incorrect calculation in microcode keying mechanism for some Intel® Xeon® D Processors with Intel® SGX may allow a privileged user to potentially enable information disclosure via local access.

CVSS Base Score: 5.3 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N

Affected Products:

| Product Collection | Vertical Segment | CPU ID | Platform ID |
|---|---|---|---|
| Intel® Xeon® D Processor | Embedded | 606C1 | 10 |

Recommendation:

Intel recommends that users of affected Intel® Processors update to the latest firmware version provided by the system manufacturer that addresses these issues.

Intel has released microcode updates for the affected Intel® Processors that are currently supported on the public GitHub repository. See the details below on accessing the microcode:

GitHub*: Public GitHub: <https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files>

For customers not using Intel® Software Guard Extensions (SGX), the microcode patch can be OS loadable.

Detailed steps on the microcode loading points can be found at:

<https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/secure-coding/loading-microcode-os.html>

For the mitigation to be effective on Intel® SGX-enabled systems, Intel recommends updating the microcode located in platform flash designated by the firmware interface table (FIT) entry point.

To address this vulnerability, an SGX TCB recovery is planned; refer to Intel's SGX TCB recovery documentation for more information on the process.

End users and system administrators should check with their system manufacturers and system software vendors and apply any available updates as soon as practical.

Attestation responses will change as a result of the TCB Recovery. Refer to the Intel SGX Attestation Technical Details documentation for further details.
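To find which Linux hosts in a fleet carry the CPUID listed above, the following added example (not Intel's code) parses /proc/cpuinfo, rebuilds the CPUID signature from the display family/model/stepping, and reports the loaded microcode revision for every logical CPU matching 606C1. The cpuinfo text is constructed, the fixed microcode revision is a placeholder because the advisory does not state it, and the table's Platform ID is not checked because /proc/cpuinfo does not expose it (it lives in the IA32_PLATFORM_ID MSR).

```python
import re
AFFECTED_CPUIDS = {0x606C1}  # CPUID signature from the advisory's affected-products table
# PLACEHOLDER: the advisory does not give the fixed microcode revision; take it from the
# Intel microcode release notes. While None, every listed CPU is flagged for manual review.
FIXED_MICROCODE_REV = None
# Constructed /proc/cpuinfo excerpt: CPU 0 matches 606C1, CPU 1 is another family-6 part.
SAMPLE_CPUINFO = """processor\t: 0
cpu family\t: 6
model\t\t: 108
stepping\t: 1
microcode\t: 0x1000ab

processor\t: 1
cpu family\t: 6
model\t\t: 85
stepping\t: 7
microcode\t: 0x5003604
"""

def cpuid_signature(family, model, stepping):
    """Rebuild CPUID(1).EAX (e.g. 0x606C1) from /proc/cpuinfo's display family/model/stepping."""
    ext_family, base_family = (family - 15, 15) if family >= 15 else (0, family)
    ext_model, base_model = (model >> 4, model & 0xF) if family in (6, 15) else (0, model)
    return (ext_family << 20) | (ext_model << 16) | (base_family << 8) | (base_model << 4) | stepping

def parse_cpuinfo(text):
    """Return one dict per logical-processor block of a /proc/cpuinfo dump."""
    cpus = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = {k.strip(): v.strip() for k, _, v in (ln.partition(":") for ln in block.splitlines())}
        if "cpu family" not in fields:
            continue
        cpus.append({"processor": int(fields.get("processor", -1)),
                     "signature": cpuid_signature(int(fields["cpu family"]), int(fields["model"]),
                                                  int(fields["stepping"])),
                     "microcode": int(fields.get("microcode", "0x0"), 16)})
    return cpus

def assess(text):
    """Map processor number -> status for every logical CPU in a cpuinfo dump."""
    result = {}
    for cpu in parse_cpuinfo(text):
        if cpu["signature"] not in AFFECTED_CPUIDS:
            result[cpu["processor"]] = "not listed"
        elif FIXED_MICROCODE_REV is not None and cpu["microcode"] >= FIXED_MICROCODE_REV:
            result[cpu["processor"]] = "listed, microcode at or above fix revision"
        else:
            result[cpu["processor"]] = "listed, verify microcode 0x%x against the fix" % cpu["microcode"]
    return result
```

On SGX-enabled systems the revision the OS reports only shows what was loaded at boot; it does not prove the copy in platform flash referenced by the FIT was updated, which is what the advisory requires for the mitigation to be effective there.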

Acknowledgements:

Intel would like to thank Intel employees for reporting this issue.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.
