Data Leakage Vulnerability in AMD CPUs Due to Non-Canonical Address Execution
CVE-2020-12965

7.5HIGH

Key Information:

Vendor: Amd
Status: All Supported Processors
Vendor: CVE Published:; 4 February 2022

What is CVE-2020-12965?

Certain AMD CPUs may transiently execute non-canonical loads and store operations using only the lower 48 bits of the address space, which can potentially lead to the unintended exposure of sensitive data. This behavior occurs when specific software execution sequences are combined, allowing for the possibility of sensitive information leakage.

Affected Version(s)

All supported processors < unspecified

References

https://www.amd.com/en/corporate/product-security/bulleti...

http://www.openwall.com/lists/oss-security/2023/12/05/3

mailing-list

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 4, 2022
Vulnerability Reserved
May 15, 2020

Amd

What is CVE-2020-12965?

Affected Version(s)

References

CVSS V3.1

Timeline