CVE-2023-20588 - Vulnerability Details

A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.0611.

Exploitation none

Automatable no

Technical Impact partial

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

AMD

EPYC™ 7001 Processors

affected

Version	Status	Constraints
`various`	affected	—

AMD

Athlon™ 3000 Series Processors with Radeon™ Graphics

affected

Version	Status	Constraints
`various`	affected	—

AMD

Ryzen™ 3000 Series Processors with Radeon™ Graphics

affected

Version	Status	Constraints
`various`	affected	—

AMD

Athlon™ PRO 3000 Series Processors with Radeon™ Vega Graphics

affected

Version	Status	Constraints
`Various`	affected	—

AMD

Ryzen™ PRO 3000 Series Processors with Radeon™ Vega Graphics

affected

Version	Status	Constraints
`various`	affected	—

Configuration 1 [-]

OR	cpe:2.3:o:debian:debian_linux:10.0:::::::*
	cpe:2.3:o:debian:debian_linux:11.0:::::::*
	cpe:2.3:o:debian:debian_linux:12.0:::::::*

Configuration 2 [-]

AND

cpe:2.3:o:amd:epyc_7351p_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7351p:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:amd:epyc_7401p_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7401p:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:amd:epyc_7551p_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7551p:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:amd:epyc_7251_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7251:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:amd:epyc_7261_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7261:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:amd:epyc_7281_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7281:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:amd:epyc_7301_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7301:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:amd:epyc_7351_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7351:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:amd:epyc_7371_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7371:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:amd:epyc_7401_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7401:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:amd:epyc_7451_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7451:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:amd:epyc_7501_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7501:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:amd:epyc_7551_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7551:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:amd:epyc_7571_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7571:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:amd:epyc_7601_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7601:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:amd:ryzen_5_pro_3400g_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:ryzen_5_pro_3400g:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:amd:ryzen_5_3400g_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:ryzen_5_3400g:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:amd:ryzen_5_pro_3400ge_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:ryzen_5_pro_3400ge:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND

cpe:2.3:o:amd:ryzen_5_pro_3350g_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:ryzen_5_pro_3350g:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND

cpe:2.3:o:amd:ryzen_5_pro_3350ge_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:ryzen_5_pro_3350ge:-:*:*:*:*:*:*:*

Configuration 22 [-]

AND

cpe:2.3:o:amd:ryzen_3_pro_3200g_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:ryzen_3_pro_3200g:-:*:*:*:*:*:*:*

Configuration 23 [-]

AND

cpe:2.3:o:amd:ryzen_3_3200g_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:ryzen_3_3200g:-:*:*:*:*:*:*:*

Configuration 24 [-]

AND

cpe:2.3:o:amd:ryzen_3_3200ge_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:ryzen_3_3200ge:-:*:*:*:*:*:*:*

Configuration 25 [-]

AND

cpe:2.3:o:amd:ryzen_3_pro_3200ge_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:ryzen_3_pro_3200ge:-:*:*:*:*:*:*:*

Configuration 26 [-]

AND

cpe:2.3:o:amd:athlon_pro_300ge_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:athlon_pro_300ge:-:*:*:*:*:*:*:*

Configuration 27 [-]

AND

cpe:2.3:o:amd:athlon_gold_3150ge_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:athlon_gold_3150ge:-:*:*:*:*:*:*:*

Configuration 28 [-]

AND

cpe:2.3:o:amd:athlon_gold_pro_3150ge_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:athlon_gold_pro_3150ge:-:*:*:*:*:*:*:*

Configuration 29 [-]

AND

cpe:2.3:o:amd:athlon_gold_3150g_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:athlon_gold_3150g:-:*:*:*:*:*:*:*

Configuration 30 [-]

AND

cpe:2.3:o:amd:athlon_gold_pro_3150g_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:athlon_gold_pro_3150g:-:*:*:*:*:*:*:*

Configuration 31 [-]

AND

cpe:2.3:o:amd:athlon_silver_3050ge_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:athlon_silver_3050ge:-:*:*:*:*:*:*:*

Configuration 32 [-]

AND

cpe:2.3:o:amd:athlon_silver_pro_3125ge_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:athlon_silver_pro_3125ge:-:*:*:*:*:*:*:*

Configuration 33 [-]

cpe:2.3:o:xen:xen:-:*:*:*:*:*:*:*

Configuration 34 [-]

OR	cpe:2.3:o:fedoraproject:fedora:37:::::::*
	cpe:2.3:o:fedoraproject:fedora:38:::::::*
	cpe:2.3:o:fedoraproject:fedora:39:::::::*

Configuration 35 [-]

OR	cpe:2.3:o:microsoft:windows_10_1507::::::::
	cpe:2.3:o:microsoft:windows_10_1607::::::::
	cpe:2.3:o:microsoft:windows_10_1809::::::::
	cpe:2.3:o:microsoft:windows_10_21h2::::::::
	cpe:2.3:o:microsoft:windows_10_22h2::::::::
	cpe:2.3:o:microsoft:windows_11_21h2::::::::
	cpe:2.3:o:microsoft:windows_11_22h2::::::::
	cpe:2.3:o:microsoft:windows_11_23h2::::::::
	cpe:2.3:o:microsoft:windows_server_2008:-:sp2::::::
	cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:::::x64:*
	cpe:2.3:o:microsoft:windows_server_2012:-:::::::*
	cpe:2.3:o:microsoft:windows_server_2012:r2:::::::*
	cpe:2.3:o:microsoft:windows_server_2016::::::::
	cpe:2.3:o:microsoft:windows_server_2019::::::::
	cpe:2.3:o:microsoft:windows_server_2022_23h2::::::::

No data.

Project Subscriptions

Vendors	Products
Amd Subscribe	Athlon Gold 3150g Subscribe Athlon Gold 3150g Firmware Subscribe Athlon Gold 3150ge Subscribe Athlon Gold 3150ge Firmware Subscribe Athlon Gold Pro 3150g Subscribe Athlon Gold Pro 3150g Firmware Subscribe Athlon Gold Pro 3150ge Subscribe Athlon Gold Pro 3150ge Firmware Subscribe Athlon Pro 300ge Subscribe Athlon Pro 300ge Firmware Subscribe Athlon Silver 3050ge Subscribe Athlon Silver 3050ge Firmware Subscribe Athlon Silver Pro 3125ge Subscribe Athlon Silver Pro 3125ge Firmware Subscribe Epyc 7251 Subscribe Epyc 7251 Firmware Subscribe Epyc 7261 Subscribe Epyc 7261 Firmware Subscribe Epyc 7281 Subscribe Epyc 7281 Firmware Subscribe Epyc 7301 Subscribe Epyc 7301 Firmware Subscribe Epyc 7351 Subscribe Epyc 7351 Firmware Subscribe Epyc 7351p Subscribe Epyc 7351p Firmware Subscribe Epyc 7371 Subscribe Epyc 7371 Firmware Subscribe Epyc 7401 Subscribe Epyc 7401 Firmware Subscribe Epyc 7401p Subscribe Epyc 7401p Firmware Subscribe Epyc 7451 Subscribe Epyc 7451 Firmware Subscribe Epyc 7501 Subscribe Epyc 7501 Firmware Subscribe Epyc 7551 Subscribe Epyc 7551 Firmware Subscribe Epyc 7551p Subscribe Epyc 7551p Firmware Subscribe Epyc 7571 Subscribe Epyc 7571 Firmware Subscribe Epyc 7601 Subscribe Epyc 7601 Firmware Subscribe Ryzen 3 3200g Subscribe Ryzen 3 3200g Firmware Subscribe Ryzen 3 3200ge Subscribe Ryzen 3 3200ge Firmware Subscribe Ryzen 3 Pro 3200g Subscribe Ryzen 3 Pro 3200g Firmware Subscribe Ryzen 3 Pro 3200ge Subscribe Ryzen 3 Pro 3200ge Firmware Subscribe Ryzen 5 3400g Subscribe Ryzen 5 3400g Firmware Subscribe Ryzen 5 Pro 3350g Subscribe Ryzen 5 Pro 3350g Firmware Subscribe Ryzen 5 Pro 3350ge Subscribe Ryzen 5 Pro 3350ge Firmware Subscribe Ryzen 5 Pro 3400g Subscribe Ryzen 5 Pro 3400g Firmware Subscribe Ryzen 5 Pro 3400ge Subscribe Ryzen 5 Pro 3400ge Firmware Subscribe
Debian Subscribe	Debian Linux Subscribe
Fedoraproject Subscribe	Fedora Subscribe
Microsoft Subscribe	Windows 10 1507 Subscribe Windows 10 1607 Subscribe Windows 10 1809 Subscribe Windows 10 21h2 Subscribe Windows 10 22h2 Subscribe Windows 11 21h2 Subscribe Windows 11 22h2 Subscribe Windows 11 23h2 Subscribe Windows Server 2008 Subscribe Windows Server 2012 Subscribe Windows Server 2016 Subscribe Windows Server 2019 Subscribe Windows Server 2022 23h2 Subscribe
Xen Subscribe	Xen Subscribe

Advisories

Source	ID	Title
Debian DLA	DLA-3623-1	linux-5.10 security update
Debian DSA	DSA-5480-1	linux security update
Debian DSA	DSA-5492-1	linux security update
Ubuntu USN	USN-6383-1	Linux kernel vulnerabilities
Ubuntu USN	USN-6384-1	Linux kernel (OEM) vulnerabilities
Ubuntu USN	USN-6386-1	Linux kernel vulnerabilities
Ubuntu USN	USN-6386-2	Linux kernel (Raspberry Pi) vulnerabilities
Ubuntu USN	USN-6386-3	Linux kernel vulnerabilities
Ubuntu USN	USN-6387-1	Linux kernel vulnerabilities
Ubuntu USN	USN-6387-2	Linux kernel vulnerabilities
Ubuntu USN	USN-6466-1	Linux kernel (NVIDIA) vulnerabilities
Ubuntu USN	USN-6577-1	Linux kernel (AWS) vulnerabilities
Ubuntu USN	USN-6602-1	Linux kernel vulnerabilities
Ubuntu USN	USN-6604-1	Linux kernel vulnerabilities
Ubuntu USN	USN-6604-2	Linux kernel (Azure) vulnerabilities

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://www.openwall.com/lists/oss-security/2023/09/25/3
http://www.openwall.com/lists/oss-security/2023/09/25/4
http://www.openwall.com/lists/oss-security/2023/09/25/5
http://www.openwall.com/lists/oss-security/2023/09/25/7
http://www.openwall.com/lists/oss-security/2023/09/25/8
http://www.openwall.com/lists/oss-security/2023/09/26/5
http://www.openwall.com/lists/oss-security/2023/09/26/8
http://www.openwall.com/lists/oss-security/2023/09/26/9
http://www.openwall.com/lists/oss-security/2023/09/27/1
http://www.openwall.com/lists/oss-security/2023/10/03/12
http://www.openwall.com/lists/oss-security/2023/10/03/13
http://www.openwall.com/lists/oss-security/2023/10/03/14
http://www.openwall.com/lists/oss-security/2023/10/03/15
http://www.openwall.com/lists/oss-security/2023/10/03/16
http://www.openwall.com/lists/oss-security/2023/10/03/9
http://www.openwall.com/lists/oss-security/2023/10/04/1
http://www.openwall.com/lists/oss-security/2023/10/04/2
http://www.openwall.com/lists/oss-security/2023/10/04/3
http://www.openwall.com/lists/oss-security/2023/10/04/4
http://xenbits.xen.org/xsa/advisory-439.html
https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AGZCACEHT6ZZZGG36QQMGROBM4FLWYJX/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DIOYP4ZOBML4RCUM3MHRFZUQL445MZM3/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJTUVYZMP6BNF342DS3W7XGOGXC6JPN5/
https://nvd.nist.gov/vuln/detail/CVE-2023-20588
https://security.netapp.com/advisory/ntap-20240531-0005/
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7007
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7007.html
https://www.cve.org/CVERecord?id=CVE-2023-20588
https://www.debian.org/security/2023/dsa-5480
https://www.debian.org/security/2023/dsa-5492

History

Thu, 17 Oct 2024 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: AMD

Published: 2023-08-08T17:06:30.065Z

Updated: 2024-10-17T14:23:18.239Z

Reserved: 2022-10-27T18:53:39.759Z

Link: CVE-2023-20588

Vulnrichment

Updated: 2024-08-02T09:05:36.921Z

NVD

Status : Modified

Published: 2023-08-08T18:15:11.653

Modified: 2024-11-21T07:41:10.450

Link: CVE-2023-20588

Redhat

Severity : Low

Publid Date: 2023-08-08T18:08:00Z

Links: CVE-2023-20588 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

CWE-369

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Project Subscriptions

Projects

JSON object

JSON object

JSON object

JSON object

JSON object