CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
AI Score
Confidence
High
EPSS
Percentile
35.1%
**Bulletin ID:**AMD-SB-7008 **Potential Impact:**Information disclosure **Severity:**Medium
Under specific microarchitectural circumstances, a register in “Zen 2” CPUs may not be written to 0 correctly. This may cause data from another process and/or thread to be stored in the YMM register, which may allow an attacker to potentially access sensitive information.
Refer to Glossary for explanation of terms
CVE | Severity | CVE Description |
---|---|---|
CVE-2023-20593 | Medium | An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information. |
AMD recommends applying the µcode patch listed below for AMD EPYC™ 7002 Processors, and applying BIOS updates that include the following AGESA™ firmware versions for other affected products. AMD plans to release to the Original Equipment Manufacturers (OEM) the AGESA™ versions on the target dates listed below. Please refer to your OEM for the BIOS update specific to your product.
DATA CENTER
Mitigation details
Update to versions listed or higher|2nd Gen AMD EPYC™ Processors
(Formerly codenamed)
“Rome”
—|—
µcode****| 0x0830107B
(2023-06-06)
AGESA™ firmware****| RomePI 1.0.0.H
(2023-11-07)
DESKTOP
Mitigation details
Update to versions listed or higher|AMD Ryzen™ 3000 Series Desktop Processors
(Formerly codenamed)
“Matisse”|
AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics
(Formerly codenamed)
“Renoir” AM4
—|—|—
AGESA™ firmware ****|
ComboAM4v2PI
1.2.0.C
(2024-02-07)
ComboAM4PI
1.0.0.B
(2024-03-20)|
ComboAM4v2PI
1.2.0.Ca
(2024-03-14)
HIGH END DESKTOP (HEDT)
Mitigation details
Update to versions listed or higher|
AMD Ryzen™ Threadripper™ 3000 Series Processors
(Formerly codenamed)
“Castle Peak” HEDT
—|—
AGESA™ firmware| CastlePeakPI-SP3r3 1.0.0.A
(2023-11-21)
WORKSTATION
Mitigation details
Update to versions listed or higher|
AMD Ryzen™ Threadripper™ PRO 3000WX Series Processors
(Formerly codenamed)
“Castle Peak” WS SP3
—|—
AGESA™ firmware****|
CastlePeakWSPI-sWRX8 1.0.0.C
(2023-11-29)
ChagallWSPI-sWRX8 1.0.0.7
(2024-01-11)
MOBILE - AMD Ryzen™ Series
Mitigation details
Update to versions listed or higher|
AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics
(Formerly codenamed)
“Lucienne”|
AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics
(Formerly codenamed)
“Renoir”|AMD Ryzen™ 7020 Series Processors
(Formerly codenamed)
“Mendocino” FT6
—|—|—|—
AGESA™ firmware****| CezannePI-FP6
1.0.1.0
(2024-01-25)| RenoirPI-FP6
1.0.0.D
(2024-02-29)| MendocinoPI-FT6
1.0.0.6
(2024-01-03)
Mitigation details
Update to versions listed or higher|
AMD EPYC™ Embedded 7002
—|—
AGESA™ firmware| EmbRomePI-SP3
1.0.0.B
(2023-12-15)
Mitigation details
Update to versions listed or higher|
AMD Ryzen™ Embedded V2000
—|—
AGESA™ firmware| EmbeddedPI-FP6
1.0.0.9
(2024-04-15)