CVE-2023-42766
https://notcve.org/view.php?id=CVE-2023-42766
Improper input validation in some Intel NUC 8 Compute Element BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access. La validación de entrada incorrecta en algunos firmware del BIOS Intel NUC 8 Compute Element puede permitir que un usuario privilegiado habilite potencialmente la escalada de privilegios a través del acceso local. • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01028.html • CWE-20: Improper Input Validation •
CVE-2023-38587
https://notcve.org/view.php?id=CVE-2023-38587
Improper input validation in some Intel NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access. La validación de entrada incorrecta en algunos firmware de BIOS Intel NUC puede permitir que un usuario privilegiado habilite potencialmente la escalada de privilegios a través del acceso local. • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01028.html • CWE-20: Improper Input Validation •
CVE-2023-42429
https://notcve.org/view.php?id=CVE-2023-42429
Improper buffer restrictions in some Intel NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access. Las restricciones inadecuadas del búfer en algunos firmware del BIOS Intel NUC pueden permitir que un usuario privilegiado habilite potencialmente la escalada de privilegios a través del acceso local. • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01028.html • CWE-92: DEPRECATED: Improper Sanitization of Custom Special Characters •
CVE-2023-38023
https://notcve.org/view.php?id=CVE-2023-38023
An issue was discovered in SCONE Confidential Computing Platform before 5.8.0 for Intel SGX. Lack of pointer-alignment logic in __scone_dispatch and other entry functions allows a local attacker to access unauthorized information, aka an "AEPIC Leak." Se descubrió un problema en SCONE Confidential Computing Platform anterior a 5.8.0 para Intel SGX. La falta de lógica de alineación de puntero en __scone_dispatch y otras funciones de entrada permite que un atacante local acceda a información no autorizada, también conocida como "fuga AEPIC". • https://github.com/openenclave/openenclave/security/advisories/GHSA-v3vm-9h66-wm76 https://jovanbulck.github.io/files/oakland24-pandora.pdf https://sconedocs.github.io/release5.7 https://sconedocs.github.io/release5.8 https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/advisory-guidance/stale-data-read-from-xapic.html https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/processor-mmio-stale-data-vulnerabi •
CVE-2023-50197 – Intel Driver & Support Assistant Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-50197
Intel Driver & Support Assistant Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Intel Driver & Support Assistant. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the DSA Service. By creating a symbolic link, an attacker can abuse the service to write a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://www.zerodayinitiative.com/advisories/ZDI-23-1773 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •