CVE-2023-23908: 
Linux Kernel vulnerability analysis and mitigation

CVE-2023-23908 is a security vulnerability affecting some 3rd Generation Intel(R) Xeon(R) Scalable processors, discovered and disclosed in August 2023. The vulnerability stems from improper access control mechanisms that could allow privileged users to potentially enable information disclosure through local access (Intel Advisory, NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 4.4 (Medium) by NIST with vector CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N, while Intel Corporation assigned it a score of 6.0 (Medium) with vector CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N. The vulnerability is classified as CWE-284 (Improper Access Control) (NVD).

Successful exploitation of this vulnerability could lead to the disclosure of sensitive information. The vulnerability requires local access and high privileges to exploit, but could potentially result in high confidentiality impact (NetApp Advisory).

Intel has released microcode updates to address this vulnerability. The fix was included in the Intel microcode update version 20230808. Various operating system vendors have released updates incorporating these fixes, including Debian (version 3.20230808.1), Fedora, and Ubuntu (Debian Advisory, Fedora Advisory).