CVE-2023-27517

NameCVE-2023-27517
DescriptionImproper access control in some Intel(R) Optane(TM) PMem software before versions 01.00.00.3547, 02.00.00.3915, 03.00.00.0483 may allow an athenticated user to potentially enable escalation of privilege via local access.
SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
ipmctl (PTS)bullseye02.00.00.3852+ds-1vulnerable
bookworm03.00.00.0468-1vulnerable
sid03.00.00.0485-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
ipmctlsource(unstable)03.00.00.0485-1

Notes

[bookworm] - ipmctl <no-dsa> (Minor issue)
[bullseye] - ipmctl <no-dsa> (Minor issue)
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00948.html
Search for package or bug name: Reporting problems