CVE-2023-40540

moderate-risk
Published 2023-11-14

Non-Transparent Sharing of Microarchitectural Resources in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable information disclosure via local access.

Do I need to act?

-
0.06% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
4
CVSS 4.1/10 Medium
LOCAL / HIGH complexity

Affected Products (20)

Nuc 11 Pro Kit Nuc11Tnkv50Z Firmware
Nuc 11 Pro Kit Nuc11Tnhv70L Firmware
Nuc 11 Pro Kit Nuc11Tnhv50L Firmware
Nuc 11 Pro Board Nuc11Tnbv7 Firmware
Nuc 11 Pro Kit Nuc11Tnkv5 Firmware
Nuc 11 Pro Kit Nuc11Tnkv7 Firmware
Nuc 11 Pro Kit Nuc11Tnhv5 Firmware
Nuc 11 Pro Mini Pc Nuc11Tnkv5 Firmware
Nuc 11 Pro Mini Pc Nuc11Tnkv7 Firmware
Nuc 11 Pro Kit Nuc11Tnhv7 Firmware
Nuc 11 Pro Board Nuc11Tnbv5 Firmware
Nuc 9 Extreme Laptop Kit Lapqc71B Firmware
Nuc 9 Extreme Laptop Kit Lapqc71D Firmware
Nuc 9 Extreme Laptop Kit Lapqc71C Firmware
Nuc 9 Extreme Laptop Kit Lapqc71A Firmware
Nuc 11 Enthusiast Kit Nuc11Phki7C Firmware
Nuc 11 Enthusiast Mini Pc Nuc11Phki7Caa Firmware
Nuc 11 Pro Kit Nuc11Tnhi70Z Firmware
Nuc 11 Pro Kit Nuc11Tnki70Z Firmware
Nuc 11 Pro Kit Nuc11Tnki30Z Firmware

Affected Vendors

Intel

References (2)

Patch https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01001....
Patch https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01001....
37
/ 100
moderate-risk
Severity 11/34 · Low
Exploitability 0/34 · Minimal
Exposure 26/34 · High