CVE-2023-47855

6.0 MEDIUM

📋 TL;DR

This vulnerability in Intel TDX module software allows a privileged user with local access to potentially escalate privileges due to improper input validation. It affects systems running Intel TDX module software before version 1.5.05.46.698. The risk is limited to environments where attackers already have some level of privileged access.

💻 Affected Systems

Products:
  • Intel TDX Module Software
Versions: All versions before 1.5.05.46.698
Operating Systems: Linux systems with Intel TDX support
Default Config Vulnerable: ⚠️ Yes
Notes: Requires Intel TDX (Trust Domain Extensions) enabled systems. Affects virtualization environments using TDX for confidential computing.

⚠️ Risk & Real-World Impact

🔴 Worst Case

A privileged attacker could gain higher privileges, potentially compromising the entire system or accessing sensitive data within TDX-protected environments.

🟠 Likely Case

Privileged users could abuse this to bypass intended security boundaries within TDX environments, though exploitation requires existing access.

🟢 If Mitigated

With proper access controls and monitoring, impact is limited as exploitation requires privileged local access.

🌐 Internet-Facing: LOW - Exploitation requires local privileged access; it is not remotely exploitable.
🏢 Internal Only: MEDIUM - Internal privileged users could exploit this, but exploitation requires specific TDX module access.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires privileged local access and knowledge of TDX module internals. No public exploits known.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.5.05.46.698 or later

Vendor Advisory: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01036.html

Restart Required: Yes

Instructions:

1. Check current TDX module version.
2. Download updated TDX module from Intel.
3. Update TDX module following Intel's documentation.
4. Reboot system to load new module.

🔧 Temporary Workarounds

Disable TDX Module

linux

Temporarily disable Intel TDX functionality if not required

echo 'blacklist intel_tdx' > /etc/modprobe.d/disable-tdx.conf
rmmod intel_tdx

🧯 If You Can't Patch

  • Restrict local privileged access to systems with TDX module
  • Implement strict monitoring of privileged user activities on TDX-enabled systems

🔍 How to Verify

Check if Vulnerable:

Check TDX module version: dmesg | grep -i tdx or check /sys/module/intel_tdx/version

Check Version:

dmesg | grep -i 'tdx.*version' | head -5

Verify Fix Applied:

Verify TDX module version is 1.5.05.46.698 or higher after update
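The comparison behind this check, as an added example (not code from Intel or from this page). It assumes the version string has already been read from the system in the dotted form used above; the function names are hypothetical and the sample inputs are constructed.

```shell
#!/bin/sh
# Added example: compare a reported TDX module version with the fixed
# release named on this page. Function names are hypothetical.
FIXED_VERSION="1.5.05.46.698"

# Strip leading zeros so a padded field such as "05" or "08" is handled as
# decimal (shell arithmetic would treat a leading 0 as octal).
norm_field() {
    f=$(printf '%s' "$1" | sed 's/^0*//')
    printf '%s' "${f:-0}"
}

# Return 0 when $1 >= $2, comparing dot-separated fields numerically from
# left to right; a missing trailing field counts as 0.
version_ge() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        fa=$(norm_field "${a%%.*}"); fb=$(norm_field "${b%%.*}")
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        [ "$fa" -gt "$fb" ] && return 0
        [ "$fa" -lt "$fb" ] && return 1
    done
    return 0
}

# Print patched, vulnerable or unknown for one version string.
classify_tdx_version() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) echo unknown; return 0 ;;
    esac
    if version_ge "$1" "$FIXED_VERSION"; then
        echo patched
    else
        echo vulnerable
    fi
}

# Constructed sample inputs, not output from a real system.
for v in 1.5.05.46.698 1.5.05.46.697 1.5.08.0.1 1.5 "TDX 1.5"; do
    printf '%-16s %s\n' "$v" "$(classify_tdx_version "$v")"
done
```

A result of unknown means the string was not a plain dotted version and should be checked by hand rather than treated as patched.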

📡 Detection & Monitoring

Log Indicators:

  • Unusual TDX module loading/unloading
  • Privileged user accessing TDX-related system calls

Network Indicators:

  • Not applicable - local exploit only

SIEM Query:

source="kernel" AND "tdx" AND ("error" OR "warning" OR "failed")
