Key Information Vulnerability Overview Vulnerability ID: INTEL-SA-01510 Impact: Privilege Escalation Severity: High Original Release Date: August 17, 2023 Last Updated: August 17, 2023 Vulnerability Details CVE Number: CVE-2023-22830 Description: In certain Intel® Xeon® 6 scalable processors, insufficient access control granularity in the OOBM-SM module may allow a privileged user to potentially escalate privileges via remote access. CVSS Score: - CVSS v3.1: 7.3 (AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:L) - CVSS v4.0: 7.3 (AV:A/AC:H/PR:H/UI:N/VCH:VH/VAL:SC/NISN:SAN) Affected Products Product Series: Intel® Xeon® 6 Processors (with A-Cores) Platform: Birch Stream Vertical: Server CPU ID: A0037, 0x85 Platform ID: A0E1, 0x20 Product Series: Intel® Xeon® 6 Processors Platform: Birch Stream Vertical: Server CPU ID: A00F3 Platform ID: 01 Recommended Actions Intel recommends that users of affected Intel® Xeon® 6 processors update to the latest firmware version provided by their system manufacturer to address these issues. Intel has released microcode updates for currently supported Intel® Xeon® 6 processors and listed them in the public GitHub repository. Related Resources 1. Access Microcode Public GitHub: https://github.com/intel/Linux-Processor-Microcode-Data-Files 2. Microcode Loading Points: https://www.intel.com/content/www/us/en/support/articles/technical/software-security-guidance/accessing-loading-microcode.html Acknowledgments This issue was internally discovered by Intel employees. Version History Version: 1.0 Date: August 17, 2023 Description: Initial Release