Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
amdAmd.comAMD-SB-7006
HistoryAug 01, 2023 - 12:00 a.m.

Software based Power Side Channel on AMD CPUs

2023-08-0100:00:00
amd.com
www.amd.com
12
amd
power side channel
data leakage
cve-2023-20583
mitigation
information disclosure
servers
processors
vulnerability

4.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:H/Au:S/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

9.0%

JSON

**Bulletin ID:**AMD-SB-7006 **Potential Impact:**Information disclosure **Severity:**Low

Summary

A potential leakage of data using software-based power side channels on AMD CPUs was reported to AMD. This issue has also been referred to as ‘Collide + Power’.

CVE Details

Refer to Glossary for explanation of terms

CVE Severity CVE Description
CVE-2023-20583 Low A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.

Mitigation

Based on the complex nature of the attack, AMD believes that it is difficult to execute the attack/exploit of this vulnerability in the real-world or outside of a controlled/lab-type environment.

Some mitigations that may be available currently include the performance determinism mode and the core boost disable bit. AMD EPYC™server processors contain a performance determinism mode which can be used to reduce this type of leakage. AMD Ryzen™ client processors support a core boost disable bit that can help reduce the changes in frequency.

Related

prion 1
redhatcve 1
nvd 1
cve 1
cvelist 1
thn 3
prion
prion
Design/Logic Flaw
2023-08-01 19:15:00
redhatcve
redhatcve
CVE-2023-20583
2023-08-22 17:49:59
nvd
nvd
CVE-2023-20583
2023-08-01 19:15:09
cve
cve
CVE-2023-20583
2023-08-01 19:15:09
cvelist
cvelist
CVE-2023-20583 Software based Power Side Channel on AMD CPUs
2023-08-01 18:00:43
thn
thn
CacheWarp Attack: New Vulnerability in AMD SEV Exposes Encrypted VMs
2023-11-14 18:40:00
iLeakage: New Safari Exploit Impacts Apple iPhones and Macs with A- and M-Series CPUs
2023-10-26 16:49:00
Collide+Power, Downfall, and Inception: New Side-Channel Attacks Affecting Modern CPUs
2023-08-09 15:39:00

4.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:H/Au:S/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

9.0%

JSON
Related for AMD-SB-7006
prion1redhatcve1nvd1cve1cvelist1thn3