Aug 01, 2023 - 12:00 a.m.

Software based Power Side Channel on AMD CPUs

Source: www.amd.com

Tags: amd, power side channel, data leakage, cve-2023-20583, mitigation, information disclosure, servers, processors, vulnerability

**CVSS3:** 4.7 Medium (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N)

| Metric | Value |
| --- | --- |
| Attack Vector | LOCAL |
| Attack Complexity | HIGH |
| Privileges Required | LOW |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality Impact | HIGH |
| Integrity Impact | NONE |
| Availability Impact | NONE |

**CVSS2:** 1 Low (AV:L/AC:H/Au:S/C:P/I:N/A:N)

| Metric | Value |
| --- | --- |
| Access Vector | LOCAL |
| Access Complexity | HIGH |
| Authentication | SINGLE |
| Confidentiality Impact | PARTIAL |
| Integrity Impact | NONE |
| Availability Impact | NONE |

**EPSS:** 0.0004 Low (Percentile: 9.0%)

**Bulletin ID:** AMD-SB-7006
**Potential Impact:** Information disclosure
**Severity:** Low

Summary

A potential leakage of data using software-based power side channels on AMD CPUs was reported to AMD. This issue has also been referred to as ‘Collide + Power’.

CVE Details

Refer to Glossary for explanation of terms

| CVE | Severity | CVE Description |
| --- | --- | --- |
| CVE-2023-20583 | Low | A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information. |

Mitigation

Based on the complex nature of the attack, AMD believes that it is difficult to execute the attack/exploit of this vulnerability in the real world or outside of a controlled/lab-type environment.

Some mitigations that may be available currently include the performance determinism mode and the core boost disable bit. AMD EPYC™ server processors contain a performance determinism mode which can be used to reduce this type of leakage. AMD Ryzen™ client processors support a core boost disable bit that can help reduce the changes in frequency.
