CVE-2023-22327
Severity CVSS v4.0:
Pending analysis
Type:
CWE-787
Out-of-bounds Write
Publication date:
14/11/2023
Last modified:
27/11/2023
Description
Out-of-bounds write in firmware for some Intel(R) FPGA products before version 2.8.1 may allow a privileged user to potentially enable information disclosure via local access.
Impact
Base Score 3.x
4.40
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:intel:agilex_7_fpga_f-series_006_firmware:*:*:*:*:*:*:*:* | 2.8.1 (excluding) | |
| cpe:2.3:h:intel:agilex_7_fpga_f-series_006:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:intel:agilex_7_fpga_f-series_008_firmware:*:*:*:*:*:*:*:* | 2.8.1 (excluding) | |
| cpe:2.3:h:intel:agilex_7_fpga_f-series_008:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:intel:agilex_7_fpga_f-series_012_firmware:*:*:*:*:*:*:*:* | 2.8.1 (excluding) | |
| cpe:2.3:h:intel:agilex_7_fpga_f-series_012:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:intel:agilex_7_fpga_f-series_014_firmware:*:*:*:*:*:*:*:* | 2.8.1 (excluding) | |
| cpe:2.3:h:intel:agilex_7_fpga_f-series_014:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:intel:agilex_7_fpga_f-series_019_firmware:*:*:*:*:*:*:*:* | 2.8.1 (excluding) | |
| cpe:2.3:h:intel:agilex_7_fpga_f-series_019:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:intel:agilex_7_fpga_f-series_022_firmware:*:*:*:*:*:*:*:* | 2.8.1 (excluding) | |
| cpe:2.3:h:intel:agilex_7_fpga_f-series_022:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:intel:agilex_7_fpga_f-series_023_firmware:*:*:*:*:*:*:*:* | 2.8.1 (excluding) | |
| cpe:2.3:h:intel:agilex_7_fpga_f-series_023:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:intel:agilex_7_fpga_f-series_027_firmware:*:*:*:*:*:*:*:* | 2.8.1 (excluding) |
To consult the complete list of CPE names with products and versions, see this page