{
	"document":{
		"aggregate_severity":{
			"namespace":"https://nvd.nist.gov/vuln-metrics/cvss",
			"text":"MEDIUM"
		},
		"category":"csaf_vex",
		"csaf_version":"2.0",
		"distribution":{
			"tlp":{
				"label":"WHITE",
				"url":"https:/www.first.org/tlp/"
			}
		},
		"lang":"en",
		"notes":[
			{
				"text":"Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
				"category":"general",
				"title":"Synopsis"
			}
		],
		"publisher":{
			"issuing_authority":"openEuler security committee",
			"name":"openEuler",
			"namespace":"https://www.openeuler.org",
			"contact_details":"openeuler-security@openeuler.org",
			"category":"vendor"
		},
		"references":[
			{
				"summary":"nvd cve",
				"category":"external",
				"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28746"
			},
			{
				"summary":"CVE-2023-28746 vex file",
				"category":"self",
				"url":"https://repo.openeuler.org/security/data/csaf/cve/2023/csaf-openeuler-cve-2023-28746.json"
			},
			{
				"summary":"openEuler-SA-2024-1732",
				"category":"self",
				"url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1732"
			},
			{
				"summary":"CVE-2023-28746",
				"category":"self",
				"url":"https://www.openeuler.org/en/security/cve/detail?cveId=CVE-2023-28746&packageName=microcode_ctl"
			}
		],
		"title":"openEuler cve CVE-2023-28746",
		"tracking":{
			"initial_release_date":"2024-06-14T09:20:15+08:00",
			"revision_history":[
				{
					"date":"2024-06-14T09:20:15+08:00",
					"summary":"Initial",
					"number":"1.0.0"
				},
				{
					"date":"2024-10-31T09:20:15+08:00",
					"summary":"Current version",
					"number":"2.0.0"
				}
			],
			"generator":{
				"date":"2024-10-31T09:20:15+08:00",
				"engine":{
					"name":"openEuler CSAF Tool V1.0"
				}
			},
			"current_release_date":"2024-10-31T09:20:15+08:00",
			"id":"CVE-2023-28746",
			"version":"2.0.0",
			"status":"interim"
		}
	},
	"product_tree":{
		"branches":[
			{
				"name":"openEuler",
				"category":"vendor",
				"branches":[
					{
						"name":"openEuler",
						"branches":[
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
									},
									"product_id":"openEuler-24.03-LTS",
									"name":"openEuler-24.03-LTS"
								},
								"name":"openEuler-24.03-LTS",
								"category":"product_version"
							}
						],
						"category":"product_name"
					},
					{
						"name":"src",
						"branches":[
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
									},
									"product_id":"microcode_ctl-20240531-1.oe2403.src.rpm",
									"name":"microcode_ctl-20240531-1.oe2403.src.rpm"
								},
								"name":"microcode_ctl-20240531-1.oe2403.src.rpm",
								"category":"product_version"
							}
						],
						"category":"architecture"
					},
					{
						"name":"x86_64",
						"branches":[
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
									},
									"product_id":"microcode_ctl-20240531-1.oe2403.x86_64.rpm",
									"name":"microcode_ctl-20240531-1.oe2403.x86_64.rpm"
								},
								"name":"microcode_ctl-20240531-1.oe2403.x86_64.rpm",
								"category":"product_version"
							}
						],
						"category":"architecture"
					}
				]
			}
		],
		"relationships":[
			{
				"relates_to_product_reference":"openEuler-24.03-LTS",
				"product_reference":"microcode_ctl-20240531-1.oe2403.src.rpm",
				"full_product_name":{
					"product_id":"openEuler-24.03-LTS:microcode_ctl-20240531-1.oe2403.src",
					"name":"microcode_ctl-20240531-1.oe2403.src as a component of openEuler-24.03-LTS"
				},
				"category":"default_component_of"
			},
			{
				"relates_to_product_reference":"openEuler-24.03-LTS",
				"product_reference":"microcode_ctl-20240531-1.oe2403.x86_64.rpm",
				"full_product_name":{
					"product_id":"openEuler-24.03-LTS:microcode_ctl-20240531-1.oe2403.x86_64",
					"name":"microcode_ctl-20240531-1.oe2403.x86_64 as a component of openEuler-24.03-LTS"
				},
				"category":"default_component_of"
			}
		]
	},
	"vulnerabilities":[
		{
			"cve":"CVE-2023-28746",
			"notes":[
				{
					"text":"Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
					"category":"description",
					"title":"Vulnerability Description"
				}
			],
			"product_status":{
				"fixed":[
					"openEuler-24.03-LTS:microcode_ctl-20240531-1.oe2403.src",
					"openEuler-24.03-LTS:microcode_ctl-20240531-1.oe2403.x86_64"
				]
			},
			"remediations":[
				{
					"product_ids":[
						"openEuler-24.03-LTS:microcode_ctl-20240531-1.oe2403.src",
						"openEuler-24.03-LTS:microcode_ctl-20240531-1.oe2403.x86_64"
					],
					"details":"microcode_ctl security update",
					"category":"vendor_fix",
					"url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1732"
				}
			],
			"scores":[
				{
					"cvss_v3":{
						"baseSeverity":"MEDIUM",
						"baseScore":6.5,
						"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
						"version":"3.1"
					},
					"products":[
						"openEuler-24.03-LTS:microcode_ctl-20240531-1.oe2403.src",
						"openEuler-24.03-LTS:microcode_ctl-20240531-1.oe2403.x86_64"
					]
				}
			],
			"threats":[
				{
					"details":"Medium",
					"category":"impact"
				}
			],
			"title":"CVE-2023-28746"
		}
	]
}