Amd.comAMD-SB-7006Software based Power Side Channel on AMD CPUs
4.7 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
0.0004 Low
EPSS
Percentile
9.1%
**Bulletin ID:**AMD-SB-7006 **Potential Impact:**Information disclosure **Severity:**Low
Summary
A potential leakage of data using software-based power side channels on AMD CPUs was reported to AMD. This issue has also been referred to as ‘Collide + Power’.
CVE Details
Refer to Glossary for explanation of terms
| CVE | Severity | CVE Description |
|---|---|---|
| CVE-2023-20583 | Low | A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information. |
Mitigation
Based on the complex nature of the attack, AMD believes that it is difficult to execute the attack/exploit of this vulnerability in the real-world or outside of a controlled/lab-type environment.
Some mitigations that may be available currently include the performance determinism mode and the core boost disable bit. AMD EPYC™server processors contain a performance determinism mode which can be used to reduce this type of leakage. AMD Ryzen™ client processors support a core boost disable bit that can help reduce the changes in frequency.
Related
4.7 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
0.0004 Low
EPSS
Percentile
9.1%