| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 5.5 | $0-$5k | 0.00 |
Summary
A vulnerability classified as critical was found in Intel SSD Tools Software. The impacted element is an unknown function. Such manipulation leads to buffer overflow. This vulnerability is documented as CVE-2023-28736. The attack needs to be performed locally. There is not any exploit available. Upgrading the affected component is advised.
Details
A vulnerability, which was classified as critical, has been found in Intel SSD Tools Software. Affected by this issue is an unknown function. The manipulation with an unknown input leads to a buffer overflow vulnerability. Using CWE to declare the problem leads to CWE-120. The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow. Impacted is confidentiality, integrity, and availability. CVE summarizes:
Buffer overflow in some Intel(R) SSD Tools software before version mdadm-4.2-rc2 may allow a privileged user to potentially enable escalation of privilege via local access.
The weakness was released 08/11/2023 as intel-sa-00690. The advisory is shared for download at intel.com. This vulnerability is handled as CVE-2023-28736 since 04/01/2023. There are neither technical details nor an exploit publicly available.
The vulnerability scanner Nessus provides a plugin with the ID 216368 (Azure Linux 3.0 Security Update: mdadm (CVE-2023-28736)), which helps to determine the existence of the flaw in a target environment.
Upgrading to version 4.2-rc2 eliminates this vulnerability.
The vulnerability is also documented in the vulnerability database at Tenable (216368). VulDB is the best source for vulnerability data and more expert information about this specific topic.
Product
Vendor
Name
License
Website
- Vendor: https://www.intel.com/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 5.5VulDB Meta Temp Score: 5.5
VulDB Base Score: 4.2
VulDB Temp Score: 4.0
VulDB Vector: 🔍
VulDB Reliability: 🔍
NVD Base Score: 6.7
NVD Vector: 🔍
CNA Base Score: 5.7
CNA Vector (Intel Corporation): 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
Exploiting
Class: Buffer overflowCWE: CWE-120 / CWE-119
CAPEC: 🔍
ATT&CK: 🔍
Physical: Partially
Local: Yes
Remote: No
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 216368
Nessus Name: Azure Linux 3.0 Security Update: mdadm (CVE-2023-28736)
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Upgrade: SSD Tools Software 4.2-rc2
Timeline
04/01/2023 🔍08/11/2023 🔍
08/11/2023 🔍
02/17/2025 🔍
Sources
Vendor: intel.comAdvisory: intel-sa-00690
Status: Confirmed
CVE: CVE-2023-28736 (🔍)
GCVE (CVE): GCVE-0-2023-28736
GCVE (VulDB): GCVE-100-236936
Entry
Created: 08/11/2023 09:29Updated: 02/17/2025 12:08
Changes: 08/11/2023 09:29 (49), 09/08/2023 08:17 (11), 02/17/2025 12:08 (17)
Complete: 🔍
Cache ID: 216::103
VulDB is the best source for vulnerability data and more expert information about this specific topic.
No comments yet. Languages: en.
Please log in to comment.