CVE-2023-49603

High

Published: 12 February 2025

Published

12 February 2025

Modified

15 April 2026

KEV Added

—

Patch

—

CVSS Score 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

EPSS Score 0.0004 11.9th percentile

Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Description

Race condition in some Intel(R) System Security Report and System Resources Defense firmware may allow a privileged user to potentially enable escalation of privilege via local access.

Security Summary

CVE-2023-49603 is a race condition vulnerability, classified under CWE-362, affecting some Intel System Security Report and System Resources Defense firmware. Published on 2025-02-12T22:15:30.623, it carries a CVSS v3.1 base score of 7.5 (AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H). The flaw may allow a privileged user to potentially enable escalation of privilege via local access.

Exploitation requires local access (AV:L), high attack complexity (AC:H), and high privileges (PR:H), with no user interaction needed (UI:N). A successful attack can result in high impacts to confidentiality, integrity, and availability (C:H/I:H/A:H) within a changed scope (S:C), specifically enabling privilege escalation.

The Intel Security Advisory provides details on mitigation; see https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01203.html.

Details

CWE(s): CWE-362

References

https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01203.html
secure@intel.com