Skip to main content

Agilex 7 Fpga F Series 006 Firmware CVE-2023-22327

MEDIUM
Out-of-bounds Write (CWE-787)
2023-11-14 secure@intel.com
Memory Corruption Buffer Overflow Information Disclosure Intel Agilex 7 Fpga F Series 006 Firmware Agilex 7 Fpga F Series 008 Firmware Agilex 7 Fpga F Series 012 Firmware Agilex 7 Fpga F Series 014 Firmware Agilex 7 Fpga F Series 019 Firmware Agilex 7 Fpga F Series 022 Firmware Agilex 7 Fpga F Series 023 Firmware Agilex 7 Fpga F Series 027 Firmware Agilex 7 Fpga I Series 019 Firmware Agilex 7 Fpga I Series 022 Firmware Agilex 7 Fpga I Series 023 Firmware Agilex 7 Fpga I Series 027 Firmware Agilex 7 Fpga I Series 035 Firmware Agilex 7 Fpga I Series 040 Firmware Agilex 7 Fpga I Series 041 Firmware Agilex 7 Fpga M Series 039 Firmware Stratix 10 Dx 1100 Fpga Firmware Stratix 10 Dx 2100 Fpga Firmware Stratix 10 Dx 2800 Fpga Firmware Stratix 10 Gx 10M Fpga Firmware Stratix 10 Gx 1100 Fpga Firmware Stratix 10 Gx 1650 Fpga Firmware Stratix 10 Gx 1660 Fpga Firmware Stratix 10 Gx 2100 Fpga Firmware Stratix 10 Gx 2110 Fpga Firmware Stratix 10 Gx 2500 Fpga Firmware Stratix 10 Gx 2800 Fpga Firmware Stratix 10 Gx 400 Fpga Firmware Stratix 10 Gx 650 Fpga Firmware Stratix 10 Gx 850 Fpga Firmware Stratix 10 Mx 1650 Fpga Firmware Stratix 10 Mx 2100 Fpga Firmware Stratix 10 Nx 2100 Fpga Firmware Stratix 10 Sx 1100 Fpga Firmware Stratix 10 Sx 1650 Fpga Firmware Stratix 10 Sx 2100 Fpga Firmware Stratix 10 Sx 2500 Fpga Firmware Stratix 10 Sx 2800 Fpga Firmware Stratix 10 Sx 400 Fpga Firmware Stratix 10 Sx 650 Fpga Firmware Stratix 10 Sx 850 Fpga Firmware Stratix 10 Tx 1100 Fpga Firmware Stratix 10 Tx 1650 Fpga Firmware Stratix 10 Tx 2100 Fpga Firmware Stratix 10 Tx 2500 Fpga Firmware Stratix 10 Tx 2800 Fpga Firmware Stratix 10 Tx 400 Fpga Firmware Stratix 10 Tx 850 Fpga Firmware
4.4
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.4 MEDIUM
AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Nov 14, 2023 - 19:15 nvd
MEDIUM 4.4

DescriptionNVD

Out-of-bounds write in firmware for some Intel(R) FPGA products before version 2.8.1 may allow a privileged user to potentially enable information disclosure via local access.

AnalysisAI

Out-of-bounds write in firmware for some Intel(R) FPGA products before version 2.8.1 may allow a privileged user to potentially enable information disclosure via local access. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Technical ContextAI

This vulnerability is classified as Out-of-bounds Write (CWE-787), which allows attackers to write data beyond allocated buffer boundaries leading to code execution or crashes. Out-of-bounds write in firmware for some Intel(R) FPGA products before version 2.8.1 may allow a privileged user to potentially enable information disclosure via local access. Affected products include: Intel Agilex 7 Fpga F-Series 006 Firmware, Intel Agilex 7 Fpga F-Series 008 Firmware, Intel Agilex 7 Fpga F-Series 012 Firmware, Intel Agilex 7 Fpga F-Series 014 Firmware, Intel Agilex 7 Fpga F-Series 019 Firmware. Version information: version 2.8.1.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Validate write boundaries, use memory-safe languages, enable compiler protections (ASLR, stack canaries).

Share

CVE-2023-22327 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy