Critical Vulnerability Information Intel ID: INTEL-SA-01329 Category: Software Impact: Service Disruption Severity Rating: Medium Original Release Date: August 12, 2023 Last Updated Date: August 12, 2023 Vulnerability Summary Certain Device Plugins for Kubernetes software maintained by Intel may contain a potential security vulnerability that could allow denial of service. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details CVE ID: CVE-2023-24313 Description: In certain versions of Device Plugins for Kubernetes software prior to 0.32.0, improper access control may allow privileged users to cause denial of service via local system access. CVSS Score: - CVSS v3.1: 3.7/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H - CVSS v4.0: 6.7 Medium - CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/CN:VIN/VAN:SCN/SIN:SAN Affected Products Device Plugins for Kubernetes software maintained by Intel prior to version 0.32.0. Recommendations Intel recommends updating Device Plugins for Kubernetes software to version 0.32.0 or later. Updates can be downloaded here: https://github.com/intel/intel-device-plugins-for-kubernetes/releases/ Acknowledgments Thank you to SentinelOne security researchers Shaul Ben Hai and Yehonatan Bitton for reporting this issue.