CVE-2023-20593
Advisory lineage Upstream: 0 Downstream: 129
Modified
Published: 24 Jul 2023, 19:38
Last modified:13 Feb 2025, 16:39
Vulnerability Summary
Overall Risk (default)
medium
34/100 CVSS Score
5.5 MEDIUM
v3.1 (nvd)
EPSS Score
8.44% LOW
8% probability +2.56%
KEV
Not listed
Ransomware
No reports
Public exploits
1 found
Dark Web
Not detected
Timeline
24 Jul 2023, 19:38
Published
Vulnerability first disclosed
13 Feb 2025, 16:39
Last Modified
Vulnerability information updated
Description
An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information.
CVSS Metrics
- v3.1•MEDIUM•Score: 5.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS Trends
Current EPSS score: 8.44%• Percentile: 92%
Techniques & Countermeasures
- CWE-209•Generation of Error Message Containing Sensitive Information
The product generates an error message that includes sensitive information about its environment, users, or associated data.
Affected Systems
- amd•2nd gen amd epyc™ processors
various
- amd•3rd gen amd ryzen™ threadripper™ processors “castle peak” hedt
various
- amd•amd ryzen™ 4000 series desktop processors with radeon™ graphics “renoir” am4
various
- amd•athlon_gold_7220u_firmware
na
- amd•epyc_7232p_firmware
na
- amd•epyc_7252_firmware
na
- amd•epyc_7262_firmware
na
- amd•epyc_7272_firmware
na
- amd•epyc_7282_firmware
na
- amd•epyc_7302_firmware
na
- amd•epyc_7302p_firmware
na
- amd•epyc_7352_firmware
na
- amd•epyc_7402_firmware
na
- amd•epyc_7402p_firmware
na
- amd•epyc_7452_firmware
na
- amd•epyc_7502_firmware
na
- amd•epyc_7502p_firmware
na
- amd•epyc_7532_firmware
na
- amd•epyc_7542_firmware
na
- amd•epyc_7552_firmware
na
- amd•epyc_7642_firmware
na
- amd•epyc_7662_firmware
na
- amd•epyc_7702_firmware
na
- amd•epyc_7702p_firmware
na
- amd•epyc_7742_firmware
na
- amd•epyc_7f32_firmware
na
- amd•epyc_7f52_firmware
na
- amd•epyc_7f72_firmware
na
- amd•epyc_7h12_firmware
na
- amd•ryzen_3_3100_firmware
na
- amd•ryzen_3_3300x_firmware
na
- amd•ryzen_3_4300g_firmware
na
- amd•ryzen_3_4300ge_firmware
na
- amd•ryzen_3_5300u_firmware
na
- amd•ryzen_3_7320u_firmware
na
- amd•ryzen_3_pro_4200g_firmware
na
- amd•ryzen_3_pro_4350g_firmware
na
- amd•ryzen_3_pro_4350ge_firmware
na
- amd•ryzen_3_pro_4450u_firmware
na
- amd•ryzen_5_3500_firmware
na
- amd•ryzen_5_3500x_firmware
na
- amd•ryzen_5_3600_firmware
na
- amd•ryzen_5_3600x_firmware
na
- amd•ryzen_5_3600xt_firmware
na
- amd•ryzen_5_4600g_firmware
na
- amd•ryzen_5_4600ge_firmware
na
- amd•ryzen_5_5500u_firmware
na
- amd•ryzen_5_7520u_firmware
na
- amd•ryzen_5_pro_4400g_firmware
na
- amd•ryzen_5_pro_4650g_firmware
na
Showing first 50 affected entries in server-rendered view.
References (35)
- https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7008
- http://xenbits.xen.org/xsa/advisory-433.html
- http://www.openwall.com/lists/oss-security/2023/07/24/3
- http://seclists.org/fulldisclosure/2023/Jul/43
- http://www.openwall.com/lists/oss-security/2023/07/25/5
- http://www.openwall.com/lists/oss-security/2023/07/25/6
- http://www.openwall.com/lists/oss-security/2023/07/25/1
- http://www.openwall.com/lists/oss-security/2023/07/25/13
- http://www.openwall.com/lists/oss-security/2023/07/25/17
- http://www.openwall.com/lists/oss-security/2023/07/25/12
- http://www.openwall.com/lists/oss-security/2023/07/25/16
- http://www.openwall.com/lists/oss-security/2023/07/25/14
- http://www.openwall.com/lists/oss-security/2023/07/25/15
- http://www.openwall.com/lists/oss-security/2023/07/26/1
- https://cmpxchg8b.com/zenbleed.html
- https://www.debian.org/security/2023/dsa-5459
- https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html
- https://www.debian.org/security/2023/dsa-5462
- https://www.debian.org/security/2023/dsa-5461
- https://lists.debian.org/debian-lts-announce/2023/07/msg00033.html
- http://www.openwall.com/lists/oss-security/2023/07/31/2
- https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SD2G74BXS2SWOE3FIQJ6X76S3A7PDGML/
- http://www.openwall.com/lists/oss-security/2023/08/08/7
- http://www.openwall.com/lists/oss-security/2023/08/08/8
- http://www.openwall.com/lists/oss-security/2023/08/08/6
- http://www.openwall.com/lists/oss-security/2023/08/16/4
- http://www.openwall.com/lists/oss-security/2023/08/16/5
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CP6WQO3CDPLE5O635N7TAL5KCZ6HZ4FE/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HKKYIK2EASDNUV4I7EFJKNBVO3KCKGRR/
- http://www.openwall.com/lists/oss-security/2023/09/22/9
- http://www.openwall.com/lists/oss-security/2023/09/22/11
- http://www.openwall.com/lists/oss-security/2023/09/25/4
- http://www.openwall.com/lists/oss-security/2023/09/25/7
- https://security.netapp.com/advisory/ntap-20240531-0004/