CVE-2023-20588 - Vulnerability Details

Description

A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality.

Published: 2023-08-08

Score: 5.5 Medium

EPSS: 7.8% Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

AMD

EPYC™ 7001 Processors

affected

Version	Status	Constraints
`various`	affected	—

AMD

Athlon™ 3000 Series Processors with Radeon™ Graphics

affected

Version	Status	Constraints
`various`	affected	—

AMD

Ryzen™ 3000 Series Processors with Radeon™ Graphics

affected

Version	Status	Constraints
`various`	affected	—

AMD

Athlon™ PRO 3000 Series Processors with Radeon™ Vega Graphics

affected

Version	Status	Constraints
`Various`	affected	—

AMD

Ryzen™ PRO 3000 Series Processors with Radeon™ Vega Graphics

affected

Version	Status	Constraints
`various`	affected	—

Configuration 1 [-]

OR	cpe:2.3:o:debian:debian_linux:10.0:::::::*
	cpe:2.3:o:debian:debian_linux:11.0:::::::*
	cpe:2.3:o:debian:debian_linux:12.0:::::::*

Configuration 2 [-]

AND

cpe:2.3:o:amd:epyc_7351p_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7351p:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:amd:epyc_7401p_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7401p:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:amd:epyc_7551p_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7551p:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:amd:epyc_7251_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7251:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:amd:epyc_7261_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7261:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:amd:epyc_7281_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7281:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:amd:epyc_7301_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7301:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:amd:epyc_7351_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7351:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:amd:epyc_7371_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7371:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:amd:epyc_7401_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7401:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:amd:epyc_7451_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7451:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:amd:epyc_7501_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7501:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:amd:epyc_7551_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7551:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:amd:epyc_7571_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7571:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:amd:epyc_7601_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7601:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:amd:ryzen_5_pro_3400g_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:ryzen_5_pro_3400g:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:amd:ryzen_5_3400g_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:ryzen_5_3400g:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:amd:ryzen_5_pro_3400ge_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:ryzen_5_pro_3400ge:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND

cpe:2.3:o:amd:ryzen_5_pro_3350g_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:ryzen_5_pro_3350g:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND

cpe:2.3:o:amd:ryzen_5_pro_3350ge_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:ryzen_5_pro_3350ge:-:*:*:*:*:*:*:*

Configuration 22 [-]

AND

cpe:2.3:o:amd:ryzen_3_pro_3200g_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:ryzen_3_pro_3200g:-:*:*:*:*:*:*:*

Configuration 23 [-]

AND

cpe:2.3:o:amd:ryzen_3_3200g_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:ryzen_3_3200g:-:*:*:*:*:*:*:*

Configuration 24 [-]

AND

cpe:2.3:o:amd:ryzen_3_3200ge_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:ryzen_3_3200ge:-:*:*:*:*:*:*:*

Configuration 25 [-]

AND

cpe:2.3:o:amd:ryzen_3_pro_3200ge_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:ryzen_3_pro_3200ge:-:*:*:*:*:*:*:*

Configuration 26 [-]

AND

cpe:2.3:o:amd:athlon_pro_300ge_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:athlon_pro_300ge:-:*:*:*:*:*:*:*

Configuration 27 [-]

AND

cpe:2.3:o:amd:athlon_gold_3150ge_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:athlon_gold_3150ge:-:*:*:*:*:*:*:*

Configuration 28 [-]

AND

cpe:2.3:o:amd:athlon_gold_pro_3150ge_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:athlon_gold_pro_3150ge:-:*:*:*:*:*:*:*

Configuration 29 [-]

AND

cpe:2.3:o:amd:athlon_gold_3150g_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:athlon_gold_3150g:-:*:*:*:*:*:*:*

Configuration 30 [-]

AND

cpe:2.3:o:amd:athlon_gold_pro_3150g_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:athlon_gold_pro_3150g:-:*:*:*:*:*:*:*

Configuration 31 [-]

AND

cpe:2.3:o:amd:athlon_silver_3050ge_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:athlon_silver_3050ge:-:*:*:*:*:*:*:*

Configuration 32 [-]

AND

cpe:2.3:o:amd:athlon_silver_pro_3125ge_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:athlon_silver_pro_3125ge:-:*:*:*:*:*:*:*

Configuration 33 [-]

cpe:2.3:o:xen:xen:-:*:*:*:*:*:*:*

Configuration 34 [-]

OR	cpe:2.3:o:fedoraproject:fedora:37:::::::*
	cpe:2.3:o:fedoraproject:fedora:38:::::::*
	cpe:2.3:o:fedoraproject:fedora:39:::::::*

Configuration 35 [-]

OR	cpe:2.3:o:microsoft:windows_10_1507::::::::
	cpe:2.3:o:microsoft:windows_10_1607::::::::
	cpe:2.3:o:microsoft:windows_10_1809::::::::
	cpe:2.3:o:microsoft:windows_10_21h2::::::::
	cpe:2.3:o:microsoft:windows_10_22h2::::::::
	cpe:2.3:o:microsoft:windows_11_21h2::::::::
	cpe:2.3:o:microsoft:windows_11_22h2::::::::
	cpe:2.3:o:microsoft:windows_11_23h2::::::::
	cpe:2.3:o:microsoft:windows_server_2008:-:sp2::::::
	cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:::::x64:*
	cpe:2.3:o:microsoft:windows_server_2012:-:::::::*
	cpe:2.3:o:microsoft:windows_server_2012:r2:::::::*
	cpe:2.3:o:microsoft:windows_server_2016::::::::
	cpe:2.3:o:microsoft:windows_server_2019::::::::
	cpe:2.3:o:microsoft:windows_server_2022_23h2::::::::

No data.

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
Debian DLA	DLA-3623-1	linux-5.10 security update
Debian DSA	DSA-5480-1	linux security update
Debian DSA	DSA-5492-1	linux security update
Ubuntu USN	USN-6383-1	Linux kernel vulnerabilities
Ubuntu USN	USN-6384-1	Linux kernel (OEM) vulnerabilities
Ubuntu USN	USN-6386-1	Linux kernel vulnerabilities
Ubuntu USN	USN-6386-2	Linux kernel (Raspberry Pi) vulnerabilities
Ubuntu USN	USN-6386-3	Linux kernel vulnerabilities
Ubuntu USN	USN-6387-1	Linux kernel vulnerabilities
Ubuntu USN	USN-6387-2	Linux kernel vulnerabilities
Ubuntu USN	USN-6466-1	Linux kernel (NVIDIA) vulnerabilities
Ubuntu USN	USN-6577-1	Linux kernel (AWS) vulnerabilities
Ubuntu USN	USN-6602-1	Linux kernel vulnerabilities
Ubuntu USN	USN-6604-1	Linux kernel vulnerabilities
Ubuntu USN	USN-6604-2	Linux kernel (Azure) vulnerabilities

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.07781.

Exploitation none

Automatable no

Technical Impact partial

References

Link	Providers
http://www.openwall.com/lists/oss-security/2023/09/25/3
http://www.openwall.com/lists/oss-security/2023/09/25/4
http://www.openwall.com/lists/oss-security/2023/09/25/5
http://www.openwall.com/lists/oss-security/2023/09/25/7
http://www.openwall.com/lists/oss-security/2023/09/25/8
http://www.openwall.com/lists/oss-security/2023/09/26/5
http://www.openwall.com/lists/oss-security/2023/09/26/8
http://www.openwall.com/lists/oss-security/2023/09/26/9
http://www.openwall.com/lists/oss-security/2023/09/27/1
http://www.openwall.com/lists/oss-security/2023/10/03/12
http://www.openwall.com/lists/oss-security/2023/10/03/13
http://www.openwall.com/lists/oss-security/2023/10/03/14
http://www.openwall.com/lists/oss-security/2023/10/03/15
http://www.openwall.com/lists/oss-security/2023/10/03/16
http://www.openwall.com/lists/oss-security/2023/10/03/9
http://www.openwall.com/lists/oss-security/2023/10/04/1
http://www.openwall.com/lists/oss-security/2023/10/04/2
http://www.openwall.com/lists/oss-security/2023/10/04/3
http://www.openwall.com/lists/oss-security/2023/10/04/4
http://xenbits.xen.org/xsa/advisory-439.html
https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AGZCACEHT6ZZZGG36QQMGROBM4FLWYJX/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DIOYP4ZOBML4RCUM3MHRFZUQL445MZM3/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJTUVYZMP6BNF342DS3W7XGOGXC6JPN5/
https://nvd.nist.gov/vuln/detail/CVE-2023-20588
https://security.netapp.com/advisory/ntap-20240531-0005/
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7007
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7007.html
https://www.cve.org/CVERecord?id=CVE-2023-20588
https://www.debian.org/security/2023/dsa-5480
https://www.debian.org/security/2023/dsa-5492

History

Thu, 17 Oct 2024 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Subscriptions

Amd Athlon Gold 3150g Athlon Gold 3150g Firmware Athlon Gold 3150ge Athlon Gold 3150ge Firmware Athlon Gold Pro 3150g Athlon Gold Pro 3150g Firmware Athlon Gold Pro 3150ge Athlon Gold Pro 3150ge Firmware Athlon Pro 300ge Athlon Pro 300ge Firmware Athlon Silver 3050ge Athlon Silver 3050ge Firmware Athlon Silver Pro 3125ge Athlon Silver Pro 3125ge Firmware Epyc 7251 Epyc 7251 Firmware Epyc 7261 Epyc 7261 Firmware Epyc 7281 Epyc 7281 Firmware Epyc 7301 Epyc 7301 Firmware Epyc 7351 Epyc 7351 Firmware Epyc 7351p Epyc 7351p Firmware Epyc 7371 Epyc 7371 Firmware Epyc 7401 Epyc 7401 Firmware Epyc 7401p Epyc 7401p Firmware Epyc 7451 Epyc 7451 Firmware Epyc 7501 Epyc 7501 Firmware Epyc 7551 Epyc 7551 Firmware Epyc 7551p Epyc 7551p Firmware Epyc 7571 Epyc 7571 Firmware Epyc 7601 Epyc 7601 Firmware Ryzen 3 3200g Ryzen 3 3200g Firmware Ryzen 3 3200ge Ryzen 3 3200ge Firmware Ryzen 3 Pro 3200g Ryzen 3 Pro 3200g Firmware Ryzen 3 Pro 3200ge Ryzen 3 Pro 3200ge Firmware Ryzen 5 3400g Ryzen 5 3400g Firmware Ryzen 5 Pro 3350g Ryzen 5 Pro 3350g Firmware Ryzen 5 Pro 3350ge Ryzen 5 Pro 3350ge Firmware Ryzen 5 Pro 3400g Ryzen 5 Pro 3400g Firmware Ryzen 5 Pro 3400ge Ryzen 5 Pro 3400ge Firmware

Debian Debian Linux

Fedoraproject Fedora

Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 Windows 10 21h2 Windows 10 22h2 Windows 11 21h2 Windows 11 22h2 Windows 11 23h2 Windows Server 2008 Windows Server 2012 Windows Server 2016 Windows Server 2019 Windows Server 2022 23h2

Xen Xen

MITRE

Status: PUBLISHED

Assigner: AMD

Published: 2023-08-08T17:06:30.065Z

Updated: 2024-10-17T14:23:18.239Z

Reserved: 2022-10-27T18:53:39.759Z

Link: CVE-2023-20588

Vulnrichment

Updated: 2024-08-02T09:05:36.921Z

NVD

Status : Modified

Published: 2023-08-08T18:15:11.653

Modified: 2024-11-21T07:41:10.450

Link: CVE-2023-20588

Redhat

Severity : Low

Publid Date: 2023-08-08T18:08:00Z

Links: CVE-2023-20588 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

CWE-369

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object