Side Channel Vulnerability Affecting AMD Processors
CVE-2023-20569

4.7MEDIUM

Key Information:

Vendor: Amd
Status: Ryzen™ 3000 Series Desktop Processors; Ryzen™ Pro 3000 Series Desktop Processors; Ryzen™ 3000 Series Desktop Processors With Radeon™ Graphics; Ryzen™ Pro 3000 Series Processors With Radeon™ Vega Graphics
Vendor: CVE Published:; 8 August 2023

Summary

A side channel vulnerability has been identified in certain AMD CPUs, enabling attackers to manipulate the return address prediction. This flaw can result in speculative execution at addresses controlled by the attacker, which may lead to unauthorized information disclosure. It highlights the critical need for robust defensive measures to mitigate potential risks associated with speculative execution on affected processors.

Affected Version(s)

1st Gen AMD EPYC™ Processors x86 various

Ryzen™ Threadripper™ 5000 Series Processors x86 various

2nd Gen AMD EPYC™ Processors x86 various

References

https://www.amd.com/en/corporate/product-security/bulleti...

vendor-advisory

http://xenbits.xen.org/xsa/advisory-434.html

http://www.openwall.com/lists/oss-security/2023/08/08/4

CVSS V3.1

Score:

4.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 8, 2023
Vulnerability Reserved
Oct 27, 2022