CVE-2023-47165

Vulnerability

Overview

An improper conditions check vulnerability exists in Intel Data Center GPU Max Series 1100 and 1550 products [1]. This flaw, identified in the official Intel advisory INTEL-SA-01041, can be triggered by a privileged user with local access to the system [1]. The root cause is a missing or inadequate validation of specific conditions during GPU operations.

Exploitation

Conditions

To exploit CVE-2023-47165, an attacker must have local access to the affected system and possess elevated privileges [1]. The attack vector is local, meaning the adversary needs to be able to execute code or commands directly on the machine hosting the vulnerable GPU. No network-based exploitation is possible for this specific vulnerability.

Security

Impact

A successful exploit can lead to a denial of service (DoS) condition [1]. An attacker could leverage the improper condition check to crash the GPU subsystem, potentially rendering the entire system unstable or unavailable. The CVSS v3 base score of 6.0 (Medium severity) reflects this restricted attack vector and the impact of service disruption.

Mitigation

Status

Intel has released updates to address this vulnerability [1]. Users of the affected Intel Data Center GPU Max Series 1100 and 1550 products should apply the recommended firmware or driver updates from Intel as detailed in INTEL-SA-01041. No public exploitation has been reported in the advisory.