CVE-2023-23583

Sequence of processor instructions leads to unexpected behavior for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege and/or information disclosure and/or denial of service via local access.

From the Ubuntu Security Team

Benoit Morgan, Paul Grosen, Thais Moreira Hamasaki, Ke Sun, Alyssa Milburn, Hisham Shafi, Nir Shlomovich, Tavis Ormandy, Daniel Moghimi, Josh Eads, Salman Qazi, Alexandra Sandulescu, Andy Nguyen, Eduardo Vela, Doug Kwan, and Kostik Shtoyk discovered that some Intel(R) Processors did not properly handle certain sequences of processor instructions. A local attacker could possibly use this to cause a core hang (resulting in a denial of service) or gain access to sensitive information or possibly escalate their privileges.

Why is this CVE high priority?

Allows privilege escalation from VM to host or unprivileged user to privileged user.

Learn more about Ubuntu priority

• How can I get the fixes?
• What do statuses mean?
• Patch details

References

• MITRE
• NVD
• Launchpad
• Debian

Related Ubuntu Security Notices (USN)

• USN-6485-1
• Intel Microcode vulnerability
• 17 November 2023

Other references

• https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00950.html
• https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/advisory-guidance/redundant-prefix-issue.html
• https://www.openwall.com/lists/oss-security/2023/11/14/4
• https://lock.cmpxchg8b.com/reptar.html
• https://www.cve.org/CVERecord?id=CVE-2023-23583