CVE-2023-27300

Vulnerability

Improper buffer restrictions in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to disclose information via local access. The vulnerability arises when a user-mode process sends malformed input to the driver, causing it to read beyond the intended buffer boundaries. Affected versions include all driver releases prior to 88 [1].

Exploitation

An authenticated user on the local system can exploit this vulnerability by sending specially crafted IOCTL requests to the Thunderbolt driver. No additional privileges beyond standard user access are required. The attacker triggers an out-of-bounds read by manipulating input parameters, causing the driver to expose kernel memory contents [1].

Impact

Successful exploitation leads to information disclosure (confidentiality breach). An attacker may be able to read sensitive kernel memory, including passwords, cryptographic keys, or other user data. The attack does not require elevated privileges but does require local access to the target system [1].

Mitigation

Intel has released driver version 88 to address this issue. Users and administrators should update the Thunderbolt driver to version 88 or later through their system vendor or Intel's official channels. There is no known workaround for older versions; applying the fix is the sole mitigation [1].