CVE-2023-23583

Q: What is the severity of CVE-2023-23583?

CVE-2023-23583 has a CVSS score of 8.8 (HIGH). CVE-2023-23583 is a hardware vulnerability in certain Intel processors where specific instruction sequences can cause unexpected behavior, potentially allowing authenticated local attackers to escalate privileges, disclose information, or cause denial of service. This affects systems with vulnerable Intel CPUs regardless of operating system.

8.8 HIGH

Denial of Service

📋 TL;DR

CVE-2023-23583 is a hardware vulnerability in certain Intel processors where specific instruction sequences can cause unexpected behavior, potentially allowing authenticated local attackers to escalate privileges, disclose information, or cause denial of service. This affects systems with vulnerable Intel CPUs regardless of operating system.

💻 Affected Systems

Products:

Intel Processors (specific models not detailed in provided references)

Versions: Multiple generations of Intel processors (exact models require Intel advisory)

Operating Systems: All operating systems running on affected Intel processors

Default Config Vulnerable: ⚠️ Yes

Notes: Vulnerability exists at hardware/microcode level, affects all software running on vulnerable CPUs. Exact processor models should be verified via Intel advisory.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise via privilege escalation to kernel/admin level, sensitive data exfiltration, and persistent denial of service affecting multiple systems.

🟠

Likely Case

Local privilege escalation allowing attackers to gain higher privileges on compromised systems, potentially leading to lateral movement within networks.

🟢

If Mitigated

Limited impact with proper access controls, patch management, and network segmentation preventing local attacker access to vulnerable systems.

🌐 Internet-Facing: LOW - Requires local authenticated access, cannot be exploited remotely over network.

🏢 Internal Only: HIGH - Internal attackers with local access to vulnerable systems can exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: HIGH

Exploitation requires deep understanding of processor architecture and ability to execute specific instruction sequences. References suggest academic/research disclosure rather than active exploitation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Microcode updates from Intel, BIOS/UEFI updates from system manufacturers

Vendor Advisory: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00950.html

Restart Required: Yes

Instructions:

1. Check Intel advisory for affected processor models. 2. Obtain microcode update from Intel or BIOS/UEFI update from system manufacturer. 3. Apply update following vendor instructions. 4. Reboot system to activate microcode/BIOS changes.

🔧 Temporary Workarounds

Restrict Local Access

all

Limit physical and remote local access to vulnerable systems through strict access controls and privilege management.

🧯 If You Can't Patch

Implement strict access controls to prevent unauthorized local access to vulnerable systems
Isolate vulnerable systems in segmented network zones to limit potential lateral movement

🔍 How to Verify

Check if Vulnerable:

Check processor model and microcode version: On Linux: 'cat /proc/cpuinfo | grep -E "model|microcode"', On Windows: 'wmic cpu get name,description'

Check Version:

Linux: 'uname -a' and 'cat /proc/cpuinfo', Windows: 'systeminfo' and 'wmic bios get smbiosbiosversion'

Verify Fix Applied:

Verify microcode version after update matches patched version from Intel advisory. On Linux: 'dmesg | grep microcode', On Windows: Check BIOS/UEFI version in system information.

📡 Detection & Monitoring

Log Indicators:

Unusual processor exception logs
Kernel panic/crash logs related to CPU exceptions
Failed privilege escalation attempts in system logs

Network Indicators:

Not applicable - local exploitation only

SIEM Query:

Not applicable for network detection. Focus on host-based: suspicious local privilege escalation patterns, CPU exception events.

📊 Metadata

CVE ID: CVE-2023-23583

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CWE: CWE-1281

Published: November 14, 2023

Last Updated: January 7, 2025

🔗 References

http://www.openwall.com/lists/oss-security/2023/11/14/4 Mailing List,Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/11/14/5 Mailing List,Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/11/14/6 Mailing List,Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/11/14/7 Mailing List,Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/11/14/8 Mailing List
http://www.openwall.com/lists/oss-security/2023/11/14/9 Mailing List
https://lists.debian.org/debian-lts-announce/2023/12/msg00012.html
https://security.netapp.com/advisory/ntap-20231116-0015/ Third Party Advisory
https://www.debian.org/security/2023/dsa-5563 Third Party Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00950.html Vendor Advisory
http://www.openwall.com/lists/oss-security/2023/11/14/4 Mailing List,Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/11/14/5 Mailing List,Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/11/14/6 Mailing List,Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/11/14/7 Mailing List,Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/11/14/8 Mailing List
http://www.openwall.com/lists/oss-security/2023/11/14/9 Mailing List
https://lists.debian.org/debian-lts-announce/2023/12/msg00012.html
https://security.netapp.com/advisory/ntap-20231116-0015/ Third Party Advisory
https://www.debian.org/security/2023/dsa-5563 Third Party Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00950.html Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Affa900 Firmware by Netapp

Core I3 1005g1 Firmware by Intel

Core I3 10100y Firmware by Intel

Core I3 10110u Firmware by Intel

Core I3 10110y Firmware by Intel

Core I3 11100he Firmware by Intel

Core I3 1110g4 Firmware by Intel

Core I3 1115g4 Firmware by Intel

Core I3 1115g4e Firmware by Intel

Core I3 1115gre Firmware by Intel

Core I3 1120g4 Firmware by Intel

Core I3 1125g4 Firmware by Intel

Core I5 10200h Firmware by Intel

Core I5 10210u Firmware by Intel

Core I5 10210y Firmware by Intel

Core I5 10300h Firmware by Intel

Core I5 10310u Firmware by Intel

Core I5 10310y Firmware by Intel

Core I5 1035g1 Firmware by Intel

Core I5 1035g4 Firmware by Intel

Core I5 1035g7 Firmware by Intel

Core I5 10400h Firmware by Intel

Core I5 10500h Firmware by Intel

Core I5 11260h Firmware by Intel

Core I5 11300h Firmware by Intel

Core I5 1130g7 Firmware by Intel

Core I5 11320h by Intel

Core I5 1135g7 Firmware by Intel

Core I5 11400 Firmware by Intel

Core I5 11400f Firmware by Intel

Core I5 11400h Firmware by Intel

Core I5 11400t Firmware by Intel

Core I5 1140g7 Firmware by Intel

Core I5 1145g7 Firmware by Intel

Core I5 1145g7e Firmware by Intel

Core I5 1145gre Firmware by Intel

Core I5 11500 Firmware by Intel

Core I5 11500h Firmware by Intel

Core I5 11500he Firmware by Intel

Core I5 11500t Firmware by Intel

Core I5 1155g7 by Intel

Core I5 11600 Firmware by Intel

Core I5 11600k Firmware by Intel

Core I5 11600kf Firmware by Intel

Core I5 11600t Firmware by Intel

Core I7 10510u Firmware by Intel

Core I7 10510y Firmware by Intel

Core I7 10610u Firmware by Intel

Core I7 1065g7 Firmware by Intel

Core I7 10710u Firmware by Intel

Core I7 10750h Firmware by Intel

Core I7 10810u Firmware by Intel

Core I7 10850h Firmware by Intel

Core I7 10870h Firmware by Intel

Core I7 10875h Firmware by Intel

Core I7 11370h Firmware by Intel

Core I7 11375h Firmware by Intel

Core I7 11390h Firmware by Intel

Core I7 11600h Firmware by Intel

Core I7 1160g7 Firmware by Intel

Core I7 1165g7 Firmware by Intel

Core I7 11700 Firmware by Intel

Core I7 11700f Firmware by Intel

Core I7 11700k Firmware by Intel

Core I7 11700kf Firmware by Intel

Core I7 11700t Firmware by Intel

Core I7 11800h Firmware by Intel

Core I7 1180g7 Firmware by Intel

Core I7 11850h Firmware by Intel

Core I7 11850he Firmware by Intel

Core I7 1185g7 Firmware by Intel

Core I7 1185g7e Firmware by Intel

Core I7 1185gre Firmware by Intel

Core I7 1195g7 Firmware by Intel

Core I9 10885h Firmware by Intel

Core I9 10980hk Firmware by Intel

Core I9 11900 Firmware by Intel