CVE-2023-20588 - OpenCVE

A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Amd	Athlon Gold 3150g Athlon Gold 3150g Firmware Athlon Gold 3150ge Athlon Gold 3150ge Firmware Athlon Gold Pro 3150g Athlon Gold Pro 3150g Firmware Athlon Gold Pro 3150ge Athlon Gold Pro 3150ge Firmware Athlon Pro 300ge Athlon Pro 300ge Firmware Athlon Silver 3050ge Athlon Silver 3050ge Firmware Athlon Silver Pro 3125ge Athlon Silver Pro 3125ge Firmware Epyc 7251 Epyc 7251 Firmware Epyc 7261 Epyc 7261 Firmware Epyc 7281 Epyc 7281 Firmware Epyc 7301 Epyc 7301 Firmware Epyc 7351 Epyc 7351 Firmware Epyc 7351p Epyc 7351p Firmware Epyc 7371 Epyc 7371 Firmware Epyc 7401 Epyc 7401 Firmware Epyc 7401p Epyc 7401p Firmware Epyc 7451 Epyc 7451 Firmware Epyc 7501 Epyc 7501 Firmware Epyc 7551 Epyc 7551 Firmware Epyc 7551p Epyc 7551p Firmware Epyc 7571 Epyc 7571 Firmware Epyc 7601 Epyc 7601 Firmware Ryzen 3 3200g Ryzen 3 3200g Firmware Ryzen 3 3200ge Ryzen 3 3200ge Firmware Ryzen 3 Pro 3200g Ryzen 3 Pro 3200g Firmware Ryzen 3 Pro 3200ge Ryzen 3 Pro 3200ge Firmware Ryzen 5 3400g Ryzen 5 3400g Firmware Ryzen 5 Pro 3350g Ryzen 5 Pro 3350g Firmware Ryzen 5 Pro 3350ge Ryzen 5 Pro 3350ge Firmware Ryzen 5 Pro 3400g Ryzen 5 Pro 3400g Firmware Ryzen 5 Pro 3400ge Ryzen 5 Pro 3400ge Firmware
Debian	Debian Linux
Fedoraproject	Fedora
Microsoft	Windows 10 1507 Windows 10 1607 Windows 10 1809 Windows 10 21h2 Windows 10 22h2 Windows 11 21h2 Windows 11 22h2 Windows 11 23h2 Windows Server 2008 Windows Server 2012 Windows Server 2016 Windows Server 2019 Windows Server 2022 23h2
Xen	Xen

Configuration 1 [-]

OR	cpe:2.3:o:debian:debian_linux:10.0:::::::*
	cpe:2.3:o:debian:debian_linux:11.0:::::::*
	cpe:2.3:o:debian:debian_linux:12.0:::::::*

Configuration 2 [-]

AND

cpe:2.3:o:amd:epyc_7351p_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7351p:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:amd:epyc_7401p_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7401p:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:amd:epyc_7551p_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7551p:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:amd:epyc_7251_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7251:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:amd:epyc_7261_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7261:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:amd:epyc_7281_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7281:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:amd:epyc_7301_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7301:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:amd:epyc_7351_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7351:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:amd:epyc_7371_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7371:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:amd:epyc_7401_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7401:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:amd:epyc_7451_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7451:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:amd:epyc_7501_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7501:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:amd:epyc_7551_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7551:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:amd:epyc_7571_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7571:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:amd:epyc_7601_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7601:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:amd:ryzen_5_pro_3400g_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:ryzen_5_pro_3400g:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:amd:ryzen_5_3400g_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:ryzen_5_3400g:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:amd:ryzen_5_pro_3400ge_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:ryzen_5_pro_3400ge:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND

cpe:2.3:o:amd:ryzen_5_pro_3350g_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:ryzen_5_pro_3350g:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND

cpe:2.3:o:amd:ryzen_5_pro_3350ge_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:ryzen_5_pro_3350ge:-:*:*:*:*:*:*:*

Configuration 22 [-]

AND

cpe:2.3:o:amd:ryzen_3_pro_3200g_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:ryzen_3_pro_3200g:-:*:*:*:*:*:*:*

Configuration 23 [-]

AND

cpe:2.3:o:amd:ryzen_3_3200g_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:ryzen_3_3200g:-:*:*:*:*:*:*:*

Configuration 24 [-]

AND

cpe:2.3:o:amd:ryzen_3_3200ge_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:ryzen_3_3200ge:-:*:*:*:*:*:*:*

Configuration 25 [-]

AND

cpe:2.3:o:amd:ryzen_3_pro_3200ge_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:ryzen_3_pro_3200ge:-:*:*:*:*:*:*:*

Configuration 26 [-]

AND

cpe:2.3:o:amd:athlon_pro_300ge_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:athlon_pro_300ge:-:*:*:*:*:*:*:*

Configuration 27 [-]

AND

cpe:2.3:o:amd:athlon_gold_3150ge_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:athlon_gold_3150ge:-:*:*:*:*:*:*:*

Configuration 28 [-]

AND

cpe:2.3:o:amd:athlon_gold_pro_3150ge_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:athlon_gold_pro_3150ge:-:*:*:*:*:*:*:*

Configuration 29 [-]

AND

cpe:2.3:o:amd:athlon_gold_3150g_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:athlon_gold_3150g:-:*:*:*:*:*:*:*

Configuration 30 [-]

AND

cpe:2.3:o:amd:athlon_gold_pro_3150g_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:athlon_gold_pro_3150g:-:*:*:*:*:*:*:*

Configuration 31 [-]

AND

cpe:2.3:o:amd:athlon_silver_3050ge_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:athlon_silver_3050ge:-:*:*:*:*:*:*:*

Configuration 32 [-]

AND

cpe:2.3:o:amd:athlon_silver_pro_3125ge_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:athlon_silver_pro_3125ge:-:*:*:*:*:*:*:*

Configuration 33 [-]

cpe:2.3:o:xen:xen:-:*:*:*:*:*:*:*

Configuration 34 [-]

OR	cpe:2.3:o:fedoraproject:fedora:37:::::::*
	cpe:2.3:o:fedoraproject:fedora:38:::::::*
	cpe:2.3:o:fedoraproject:fedora:39:::::::*

Configuration 35 [-]

OR	cpe:2.3:o:microsoft:windows_10_1507::::::::
	cpe:2.3:o:microsoft:windows_10_1607::::::::
	cpe:2.3:o:microsoft:windows_10_1809::::::::
	cpe:2.3:o:microsoft:windows_10_21h2::::::::
	cpe:2.3:o:microsoft:windows_10_22h2::::::::
	cpe:2.3:o:microsoft:windows_11_21h2::::::::
	cpe:2.3:o:microsoft:windows_11_22h2::::::::
	cpe:2.3:o:microsoft:windows_11_23h2::::::::
	cpe:2.3:o:microsoft:windows_server_2008:-:sp2::::::
	cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:::::x64:*
	cpe:2.3:o:microsoft:windows_server_2012:-:::::::*
	cpe:2.3:o:microsoft:windows_server_2012:r2:::::::*
	cpe:2.3:o:microsoft:windows_server_2016::::::::
	cpe:2.3:o:microsoft:windows_server_2019::::::::
	cpe:2.3:o:microsoft:windows_server_2022_23h2::::::::

No data.

References

Link	Providers
http://www.openwall.com/lists/oss-security/2023/09/25/3
http://www.openwall.com/lists/oss-security/2023/09/25/4
http://www.openwall.com/lists/oss-security/2023/09/25/5
http://www.openwall.com/lists/oss-security/2023/09/25/7
http://www.openwall.com/lists/oss-security/2023/09/25/8
http://www.openwall.com/lists/oss-security/2023/09/26/5
http://www.openwall.com/lists/oss-security/2023/09/26/8
http://www.openwall.com/lists/oss-security/2023/09/26/9
http://www.openwall.com/lists/oss-security/2023/09/27/1
http://www.openwall.com/lists/oss-security/2023/10/03/12
http://www.openwall.com/lists/oss-security/2023/10/03/13
http://www.openwall.com/lists/oss-security/2023/10/03/14
http://www.openwall.com/lists/oss-security/2023/10/03/15
http://www.openwall.com/lists/oss-security/2023/10/03/16
http://www.openwall.com/lists/oss-security/2023/10/03/9
http://www.openwall.com/lists/oss-security/2023/10/04/1
http://www.openwall.com/lists/oss-security/2023/10/04/2
http://www.openwall.com/lists/oss-security/2023/10/04/3
http://www.openwall.com/lists/oss-security/2023/10/04/4
http://xenbits.xen.org/xsa/advisory-439.html
https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AGZCACEHT6ZZZGG36QQMGROBM4FLWYJX/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DIOYP4ZOBML4RCUM3MHRFZUQL445MZM3/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJTUVYZMP6BNF342DS3W7XGOGXC6JPN5/
https://nvd.nist.gov/vuln/detail/CVE-2023-20588
https://security.netapp.com/advisory/ntap-20240531-0005/
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7007
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7007.html
https://www.cve.org/CVERecord?id=CVE-2023-20588
https://www.debian.org/security/2023/dsa-5480
https://www.debian.org/security/2023/dsa-5492

History

No history.

MITRE

Status: PUBLISHED

Assigner: AMD

Published: 2023-08-08T17:06:30.065Z

Updated: 2024-08-02T09:05:36.921Z

Reserved: 2022-10-27T18:53:39.759Z

Link: CVE-2023-20588

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-08-08T18:15:11.653

Modified: 2024-06-10T18:15:19.940

Link: CVE-2023-20588

Redhat

Severity : Low

Publid Date: 2023-08-08T18:08:00Z

Links: CVE-2023-20588 - Bugzilla

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object