{
  "threat_severity" : "Important",
  "public_date" : "2024-05-14T00:00:00Z",
  "bugzilla" : {
    "description" : "intel-microcode: Improper input validation in some Intel(R) TDX module software",
    "id" : "2292298",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2292298"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.9",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
    "status" : "draft"
  },
  "cwe" : "CWE-20",
  "details" : [ "Improper input validation in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable escalation of privilege via local access.", "A flaw was found in intel-microcode. Improper input validation in some Intel(R) TDX module software may allow a privileged user to enable escalation of privilege via local access." ],
  "statement" : "This vulnerability does not affect any versions of Red Hat Enterprise Linux.",
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "microcode_ctl",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "microcode_ctl",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "microcode_ctl",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "microcode_ctl",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "microcode_ctl",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-45745\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-45745\nhttps://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240514\nhttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01036.html" ],
  "name" : "CVE-2023-45745",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}