CVE-2023-43490

Incorrect calculation in microcode keying mechanism for some Intel(R) Xeon(R) D Processors with Intel(R) SGX may allow a privileged user to potentially enable information disclosure via local access.

Weakness

The product performs a calculation that generates incorrect or unintended results that are later used in security-critical decisions or resource management.

Affected Software

Name	Vendor	Start Version	End Version
Red Hat Enterprise Linux 9	RedHat	microcode_ctl-4:20240910-1.el9_5	*
Intel-microcode	Ubuntu	bionic	*
Intel-microcode	Ubuntu	esm-infra-legacy/trusty	*
Intel-microcode	Ubuntu	esm-infra/bionic	*
Intel-microcode	Ubuntu	esm-infra/xenial	*
Intel-microcode	Ubuntu	focal	*
Intel-microcode	Ubuntu	jammy	*
Intel-microcode	Ubuntu	mantic	*
Intel-microcode	Ubuntu	trusty	*
Intel-microcode	Ubuntu	trusty/esm	*
Intel-microcode	Ubuntu	xenial	*

Potential Mitigations

Use languages, libraries, or frameworks that make it easier to handle numbers without unexpected consequences.
Examples include safe integer handling packages such as SafeInt (C++) or IntegerLib (C or C++).
Use languages, libraries, or frameworks that make it easier to handle numbers without unexpected consequences.
Examples include safe integer handling packages such as SafeInt (C++) or IntegerLib (C or C++).

NVD	https://nvd.nist.gov/vuln/detail/CVE-2023-43490
CWE	https://cwe.mitre.org/data/definitions/682.html

Incorrect Calculation

Weakness

Affected Software

Potential Mitigations

References

CVE-2023-43490

Incorrect Calculation

Weakness

Affected Software

Potential Mitigations

Related Attack Patterns

References