Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

fstec логотип

BDU:2024-02524

Опубликовано: 14 мар. 2024
Источник: fstec
CVSS3: 5.5
CVSS2: 4.6
EPSS Низкий

Описание

Уязвимость микропрограммного обеспечения процессоров Intel связана с раскрытием информации через несоответствие. Эксплуатация уязвимости может позволить нарушителю раскрыть защищаемую информацию

Вендор

Intel Corp.
ООО «Ред Софт»
ООО «РусБИТех-Астра»
Lenovo Group Limited
АО "НППКТ"

Наименование ПО

Intel Celeron
Intel Xeon E Series
Intel Pentium Gold Series
Intel Xeon W Processor
РЕД ОС
Astra Linux Special Edition
12th Generation Intel Core Processor Family
13th Generation Intel Core Processor Family
4th Generation Intel Xeon Scalable processors
4th Generation Intel Xeon Platinum processors
4th Generation Intel Xeon Gold Processors
4th Generation Intel Xeon Silver Processor
4th Generation Intel Xeon Bronze Processor
4th Gen Intel Xeon Scalable Processors with Intel vRAN
IdeaCentre 3-07IMB05
IdeaCentre 5 14IAB7
IdeaCentre 5 14IRB8
IdeaCentre Gaming 5 17IAB7
Legion T5 26IRB8
Legion T7 34IRZ8
LOQ 17IRB8
ThinkCentre M70c
ThinkCentre M70q Gen 2
ThinkCentre M90a
ThinkCentre M90a Gen 2
ThinkCentre M90a Gen 3
ThinkCentre M90a Gen 3 Pro
ThinkCentre M90q Gen 2
ThinkCentre Neo 50t Gen 3
ThinkCentre Neo 50t Gen 4
Lenovo V50a-22IMB
Lenovo V50a-24IMB
Lenovo V50s-07IMB
Lenovo V50t-13IMH
300w Yoga Gen 4 Laptop (Lenovo)
500w Yoga Gen 4 Laptop (Lenovo)
ThinkPad L13 Gen 3 Type (21B3)
ThinkPad L13 Gen 3 Type (21B4)
ThinkPad L13 Gen 3 Type (21B5)
ThinkPad L13 Gen 3 Type (21B6)
ThinkPad L14 Gen 3 Type (21C1)
ThinkPad L14 Gen 3 Type (21C2)
ThinkPad L15 Gen 3 Type (21C3)
ThinkPad L15 Gen 3 Type (21C4)
ThinkPad X1 Carbon 10th Gen Type (21CB)
ThinkPad X1 Carbon 10th Gen Type (21CC)
ThinkPad X1 Yoga 7th Gen Type (21CD)
ThinkPad X1 Yoga 7th Gen Type (21CE)
ThinkPad X13 Yoga Gen 3 Type (21AW)
ThinkPad X13 Yoga Gen 3 Type (21AX)
ThinkStation P350 Tiny Workstation
ThinkSystem ST50 V2
ThinkSystem ST58 V2
14th Generation Intel Core Processor Family
P7 Intel Workstation (ThinkStation)
Legion 7 16IAX7
Lenovo Slim 7 ProX 14IAH7
Lenovo Slim 9 14IAP7
Yoga Slim 7 ProX 14IAH7
ThinkCentre Neo 50a 24 Gen 3 Desktop
ThinkCentre Neo 50a 24 Gen 4 Desktop
100w Gen 4 Laptop (Lenovo)
IdeaPad 5 14IAL7
IdeaPad 5 Pro 16IAH7
IdeaPad Duet 5 12IAU7
IdeaPad Duet 5 12IRU8
IdeaPad Flex 5 14IAU7 Laptop
IdeaPad Flex 5 16IAU7
IdeaPad Gaming 3 15IAH7 Laptop
IdeaPad Gaming 3 16IAH7
IdeaPad Pro 5 14IRH8
Legion 9 16IRX8
Lenovo Flex 7 14IAU7
Lenovo Slim 7 14IRP8
Slim 7 16IAH7 Laptop
ThinkBook 13s G4 IAP
ThinkBook 13x G2 IAP Laptop
ThinkBook 14 G4+ IAP Laptop
ThinkBook 16 G4+ IAP Laptop
Yoga 7 14IRL8
Yoga 7 16IRL8
Yoga Book 9 13IRU8
Yoga Pro 7 14IRH8
Yoga Slim 6 14IAP8
Yoga Slim 6 14IRP8
Yoga Slim 7 Pro 16IAH7 Laptop
Yoga Slim 9 14IAP7
ThinkPad P1 Gen 5 Type (21DC)
ThinkPad P1 Gen 5 Type (21DD)
ThinkPad X1 Extreme Gen 5 Type (21DE)
ThinkPad X1 Extreme Gen 5 Type (21DF)
ThinkPad X1 Nano Gen 2 Type (21E8)
ThinkPad X1 Nano Gen 2 Type (21E9)
5th Generation Intel Xeon Scalable processors
Intel Pentium Processor G7400
Intel Pentium Processor G7400T
IdeaCentre AIO 5 24IAH7
IdeaCentre AIO 5 27IAH7
ОСОН ОСнова Оnyx

Версия ПО

- (Intel Celeron)
- (Intel Xeon E Series)
- (Intel Pentium Gold Series)
- (Intel Xeon W Processor)
7.3 (РЕД ОС)
1.7 (Astra Linux Special Edition)
- (12th Generation Intel Core Processor Family)
- (13th Generation Intel Core Processor Family)
- (4th Generation Intel Xeon Scalable processors)
- (4th Generation Intel Xeon Platinum processors)
- (4th Generation Intel Xeon Gold Processors)
- (4th Generation Intel Xeon Silver Processor)
- (4th Generation Intel Xeon Bronze Processor)
- (4th Gen Intel Xeon Scalable Processors with Intel vRAN)
до M2VKT23A (IdeaCentre 3-07IMB05)
до M42KT4AA (IdeaCentre 5 14IAB7)
до M4UKT3DA (IdeaCentre 5 14IRB8)
до M42KT4AA (IdeaCentre Gaming 5 17IAB7)
до O5TKT34A (Legion T5 26IRB8)
до O5UKT37A (Legion T7 34IRZ8)
до M4UKT3DA (LOQ 17IRB8)
до M2VKT23A (ThinkCentre M70c)
до M3JKT3DA (ThinkCentre M70q Gen 2)
до M2RKT58A (ThinkCentre M90a)
до M3LKT2BA (ThinkCentre M90a Gen 2)
до M4IKT21A (ThinkCentre M90a Gen 3)
до M4HKT22A (ThinkCentre M90a Gen 3 Pro)
до M3JKT3DA (ThinkCentre M90q Gen 2)
до M42KT4AA (ThinkCentre Neo 50t Gen 3)
до M4UKT3DA (ThinkCentre Neo 50t Gen 4)
до M36KT33A (Lenovo V50a-22IMB)
до M36KT33A (Lenovo V50a-24IMB)
до M2VKT23A (Lenovo V50s-07IMB)
до M4PKT17A (Lenovo V50t-13IMH)
до L2CN32WW (300w Yoga Gen 4 Laptop (Lenovo))
до L2CN32WW (500w Yoga Gen 4 Laptop (Lenovo))
до 1.21 (ThinkPad L13 Gen 3 Type (21B3))
до 1.21 (ThinkPad L13 Gen 3 Type (21B4))
до 1.21 (ThinkPad L13 Gen 3 Type (21B5))
до 1.21 (ThinkPad L13 Gen 3 Type (21B6))
до 1.34 (ThinkPad L14 Gen 3 Type (21C1))
до 1.34 (ThinkPad L14 Gen 3 Type (21C2))
до 1.34 (ThinkPad L15 Gen 3 Type (21C3))
до 1.34 (ThinkPad L15 Gen 3 Type (21C4))
до 1.44 (ThinkPad X1 Carbon 10th Gen Type (21CB))
до 1.44 (ThinkPad X1 Carbon 10th Gen Type (21CC))
до 1.44 (ThinkPad X1 Yoga 7th Gen Type (21CD))
до 1.44 (ThinkPad X1 Yoga 7th Gen Type (21CE))
до 1.17 (ThinkPad X13 Yoga Gen 3 Type (21AW))
до 1.17 (ThinkPad X13 Yoga Gen 3 Type (21AX))
до M3JKT3DA (ThinkStation P350 Tiny Workstation)
до TOE112B (ThinkSystem ST50 V2)
до TOE112B (ThinkSystem ST58 V2)
- (14th Generation Intel Core Processor Family)
до S0DKT16A (P7 Intel Workstation (ThinkStation))
до K1CN45WW (Legion 7 16IAX7)
до HMCN48WW (Lenovo Slim 7 ProX 14IAH7)
до J3CN55WW (Lenovo Slim 9 14IAP7)
до HMCN48WW (Yoga Slim 7 ProX 14IAH7)
до O5RKT22A (ThinkCentre Neo 50a 24 Gen 3 Desktop)
до O5XKT21A (ThinkCentre Neo 50a 24 Gen 4 Desktop)
до L2CN32WW (100w Gen 4 Laptop (Lenovo))
до JLCN37WW (IdeaPad 5 14IAL7)
до J5CN34WW (IdeaPad 5 Pro 16IAH7)
до JXCN48WW (IdeaPad Duet 5 12IAU7)
до M7CN20WW (IdeaPad Duet 5 12IRU8)
до J7CN46WW (IdeaPad Flex 5 14IAU7 Laptop)
до J7CN46WW (IdeaPad Flex 5 16IAU7)
до JMCN45WW (IdeaPad Gaming 3 15IAH7 Laptop)
до JMCN45WW (IdeaPad Gaming 3 16IAH7)
до LJCN29WW (IdeaPad Pro 5 14IRH8)
до MHCH40WW (Legion 9 16IRX8)
до J7CN46WW (Lenovo Flex 7 14IAU7)
до LGCN28WW (Lenovo Slim 7 14IRP8)
до KMCN20WW (Slim 7 16IAH7 Laptop)
до HWCN51WW (ThinkBook 13s G4 IAP)
до HXCN56WW (ThinkBook 13x G2 IAP Laptop)
до HYCN48WW (ThinkBook 14 G4+ IAP Laptop)
до HYCN48WW (ThinkBook 16 G4+ IAP Laptop)
до LHCN22WW (Yoga 7 14IRL8)
до LHCN22WW (Yoga 7 16IRL8)
до KXCN36WW (Yoga Book 9 13IRU8)
до LWCN26WW (Yoga Pro 7 14IRH8)
до KTCN41WW (Yoga Slim 6 14IAP8)
до LGCN28WW (Yoga Slim 6 14IRP8)
до KMCN20WW (Yoga Slim 7 Pro 16IAH7 Laptop)
до J3CN55WW (Yoga Slim 9 14IAP7)
до 1.22 (ThinkPad P1 Gen 5 Type (21DC))
до 1.22 (ThinkPad P1 Gen 5 Type (21DD))
до 1.22 (ThinkPad X1 Extreme Gen 5 Type (21DE))
до 1.22 (ThinkPad X1 Extreme Gen 5 Type (21DF))
до 1.25 (ThinkPad X1 Nano Gen 2 Type (21E8))
до 1.25 (ThinkPad X1 Nano Gen 2 Type (21E9))
- (5th Generation Intel Xeon Scalable processors)
- (Intel Pentium Processor G7400)
- (Intel Pentium Processor G7400T)
до O5RKT22A (IdeaCentre AIO 5 24IAH7)
до O5RKT22A (IdeaCentre AIO 5 27IAH7)
до 2.11 (ОСОН ОСнова Оnyx)

Тип ПО

ПО программно-аппаратного средства
Микропрограммный код
Операционная система

Операционные системы и аппаратные платформы

ООО «Ред Софт» РЕД ОС 7.3
ООО «РусБИТех-Астра» Astra Linux Special Edition 1.7
АО "НППКТ" ОСОН ОСнова Оnyx до 2.11

Уровень опасности уязвимости

Средний уровень опасности (базовая оценка CVSS 2.0 составляет 4,6)
Средний уровень опасности (базовая оценка CVSS 3.0 составляет 5,5)

Возможные меры по устранению уязвимости

Использование рекомендаций:
Для продуктов Lenovo:
https://support.lenovo.com/us/en/product_security/LEN-155477
Для продуктов Intel:
https://www.intel.com/content/www/us/en/developer/topic-technology/software-security-guidance/processors-affected-consolidated-product-cpu-model.html
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00982.html
Для ОСОН ОСнова Оnyx (2.11):
Обновление программного обеспечения intel-microcode до версии 3.20240312.1~deb10u1
Для РедОС: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/
Для ОС Astra Linux:
обновить пакет intel-microcode до 3.20240813.1~deb12u1+ci202409161120+astra3 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2025-0319SE17

Статус уязвимости

Подтверждена производителем

Наличие эксплойта

Данные уточняются

Информация об устранении

Уязвимость устранена

Ссылки на источники

Идентификаторы других систем описаний уязвимостей

EPSS

Процентиль: 4%
0.00023
Низкий

5.5 Medium

CVSS3

4.6 Medium

CVSS2

Связанные уязвимости

redos логотип

ROS-20240902-08

CVSS3: 6.5
redos
10 месяцев назад

Множественные уязвимости linux-firmware

ubuntu логотип

CVE-2023-38575

CVSS3: 5.5
ubuntu
больше 1 года назад

Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.

redhat логотип

CVE-2023-38575

CVSS3: 5.5
redhat
больше 1 года назад

Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.

nvd логотип

CVE-2023-38575

CVSS3: 5.5
nvd
больше 1 года назад

Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.

debian логотип

CVE-2023-38575

CVSS3: 5.5
debian
больше 1 года назад

Non-transparent sharing of return predictor targets between contexts i ...

EPSS

Процентиль: 4%
0.00023
Низкий

5.5 Medium

CVSS3

4.6 Medium

CVSS2