Vulnerabilities > CVE-2023-28411 - Double Free vulnerability in Intel products

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

local

low complexity

intel

CWE-415

NVD

Published: 2023-05-10

Updated: 2023-11-07

Summary

Double free in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable information disclosure via local access.

Vulnerable Configurations

Part	Description	Count
OS	Intel Intel Server System D50Tnp1Mhcrlc Firmware - Intel Server System D50Tnp1Mhcpac Firmware - Intel Server System D50Tnp2Mhsvac Firmware - Intel Server System D50Tnp2Mhstac Firmware - Intel Server System D50Tnp1Mhcrac Firmware - Intel Server System D50Tnp2Mfalac Firmware - Intel Server System M50Cyp1Ur204 Firmware - Intel Server System M50Cyp1Ur212 Firmware - Intel Server System M50Cyp2Ur312 Firmware - Intel Server System M50Cyp2Ur208 Firmware -	10
Hardware	Intel Intel Server System D50Tnp1Mhcrlc - Intel Server System D50Tnp1Mhcpac - Intel Server System D50Tnp2Mhsvac - Intel Server System D50Tnp2Mhstac - Intel Server System D50Tnp1Mhcrac - Intel Server System D50Tnp2Mfalac - Intel Server System M50Cyp1Ur204 - Intel Server System M50Cyp1Ur212 - Intel Server System M50Cyp2Ur312 - Intel Server System M50Cyp2Ur208 -	10

Common Weakness Enumeration (CWE)

CWE-415 - Double Free

References

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00839.html