4.7 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
0.0004 Low
EPSS
Percentile
9.1%
**Bulletin ID:**AMD-SB-7006 **Potential Impact:**Information disclosure **Severity:**Low
A potential leakage of data using software-based power side channels on AMD CPUs was reported to AMD. This issue has also been referred to as ‘Collide + Power’.
Refer to Glossary for explanation of terms
CVE | Severity | CVE Description |
---|---|---|
CVE-2023-20583 | Low | A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information. |
Based on the complex nature of the attack, AMD believes that it is difficult to execute the attack/exploit of this vulnerability in the real-world or outside of a controlled/lab-type environment.
Some mitigations that may be available currently include the performance determinism mode and the core boost disable bit. AMD EPYC™server processors contain a performance determinism mode which can be used to reduce this type of leakage. AMD Ryzen™ client processors support a core boost disable bit that can help reduce the changes in frequency.