Data Leakage Vulnerability in AMD CPUs Due to Non-Canonical Address Execution
CVE-2020-12965

7.5HIGH

Key Information:

Vendor: Amd
Status: All Supported Processors
Vendor: CVE Published:; 4 February 2022

Summary

Certain AMD CPUs may transiently execute non-canonical loads and store operations using only the lower 48 bits of the address space, which can potentially lead to the unintended exposure of sensitive data. This behavior occurs when specific software execution sequences are combined, allowing for the possibility of sensitive information leakage.

Affected Version(s)

All supported processors < unspecified

References

https://www.amd.com/en/corporate/product-security/bulleti...

http://www.openwall.com/lists/oss-security/2023/12/05/3

mailing-list

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 4, 2022
Vulnerability Reserved
May 15, 2020