CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
AI Score
Confidence
High
EPSS
Percentile
17.6%
Bulletin ID: AMD-SB-7007 **Potential Impact:**Loss of Confidentiality Severity: Low
External researchers have reported that on some AMD processors a division-by-zero can potentially return speculative data.
Refer to Glossary for explanation of terms
CVE | Severity | CVE Description |
---|---|---|
CVE-2023-20588 | Low | A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality. |
AMD EPYC™ 7001 Processors
AMD Athlon™ 3000 Series Processors with Radeon™ Graphics
AMD Ryzen™ 3000 Series Processors with Radeon™ Graphics
AMD Athlon™ PRO 3000 Series Processors with Radeon™ Vega Graphics
AMD Ryzen™ PRO 3000 Series Processors with Radeon™ Vega Graphics
For affected products, AMD recommends following software development best practices. Developers can mitigate this issue by ensuring that no privileged data is used in division operations prior to changing privilege boundaries. AMD believes that the potential impact of this vulnerability is low because it requires local access.
In addition, the data that is potentially leaked may not be privileged, and an attacker does not have control of the division operation which determines that data. We also believe impact is limited to products prior to “Zen 2” based architectures and are not aware of any existing exploits based on this vulnerability.