CVE-2023-22848

Vulnerability

An improper access control vulnerability exists in some Intel(R) Thunderbolt(TM) DCH drivers for Windows versions before 88. The flaw resides in the driver's handling of access permissions, allowing an authenticated user to interact with the driver in ways that lead to denial of service. Affected versions include all driver releases prior to version 88 [1].

Exploitation

To exploit this vulnerability, an attacker must have local access to the system and be authenticated (e.g., as a standard user). The attacker can then leverage the improper access controls to trigger a denial of service condition by sending specially crafted requests to the driver, likely causing the system or Thunderbolt functionality to become unresponsive [1].

Impact

Successful exploitation results in a denial of service, impacting system availability. The attacker gains no additional privileges and the scope of compromise is limited to local disruption of the affected driver or system [1].

Mitigation

Intel has released driver version 88 to address this vulnerability. Users should update to the latest version available from Intel's support site or via Windows Update. No workarounds have been provided; updating is the recommended mitigation [1].