Lucene search

K
amdAmd.comAMD-SB-7007
HistoryAug 08, 2023 - 12:00 a.m.

Speculative Leaks Security Notice

2023-08-0800:00:00
amd.com
www.amd.com
29
amd
speculative data leak
confidentiality
amd processors
division-by-zero
vulnerability
mitigation
zen 2
data security

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

6.8

Confidence

High

EPSS

0.001

Percentile

17.6%

Bulletin ID: AMD-SB-7007 **Potential Impact:**Loss of Confidentiality Severity: Low

Summary

External researchers have reported that on some AMD processors a division-by-zero can potentially return speculative data.

CVE Details

Refer to Glossary for explanation of terms

CVE Severity CVE Description
CVE-2023-20588 Low A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality.

Affected Products

Datacenter

AMD EPYC™ 7001 Processors

Desktop

AMD Athlon™ 3000 Series Processors with Radeon™ Graphics
AMD Ryzen™ 3000 Series Processors with Radeon™ Graphics

Mobile

AMD Athlon™ PRO 3000 Series Processors with Radeon™ Vega Graphics
AMD Ryzen™ PRO 3000 Series Processors with Radeon™ Vega Graphics

Mitigation

For affected products, AMD recommends following software development best practices. Developers can mitigate this issue by ensuring that no privileged data is used in division operations prior to changing privilege boundaries. AMD believes that the potential impact of this vulnerability is low because it requires local access.

In addition, the data that is potentially leaked may not be privileged, and an attacker does not have control of the division operation which determines that data. We also believe impact is limited to products prior to “Zen 2” based architectures and are not aware of any existing exploits based on this vulnerability.

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

6.8

Confidence

High

EPSS

0.001

Percentile

17.6%