Source: amd.com (AMD-SB-7008)
Published: Jul 24, 2023 - 12:00 a.m.

Cross-Process Information Leak


CVSS3: 5.5 Medium
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score: 7 High (Confidence: High)

CVSS2: 1.7 Low
Access Vector: LOCAL
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Vector: AV:L/AC:L/Au:S/C:P/I:N/A:N

EPSS: 0.001 Low (Percentile: 21.3%)

**Bulletin ID:** AMD-SB-7008
**Potential Impact:** Information disclosure
**Severity:** Medium

Summary

Under specific microarchitectural circumstances, a register in “Zen 2” CPUs may not be written to 0 correctly. This may cause data from another process and/or thread to be stored in the YMM register, which may allow an attacker to potentially access sensitive information.

CVE Details

Refer to Glossary for explanation of terms

| CVE | Severity | CVE Description |
|---|---|---|
| CVE-2023-20593 | Medium | An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information. |

Mitigation

AMD recommends applying the µcode patch listed below for AMD EPYC™ 7002 Processors, and applying BIOS updates that include the following AGESA™ firmware versions for other affected products. AMD plans to release to the Original Equipment Manufacturers (OEM) the AGESA™ versions on the target dates listed below. Please refer to your OEM for the BIOS update specific to your product.

DATA CENTER

| Mitigation details: update to versions listed or higher | 2nd Gen AMD EPYC™ Processors (formerly codenamed “Rome”) |
|---|---|
| µcode | 0x0830107A |
| AGESA™ firmware | RomePI 1.0.0.H (2023-11-07) |
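
One way to verify the µcode row above on Linux hosts, as an added example that is not part of the AMD bulletin: it parses `/proc/cpuinfo` text and lists logical CPUs still below 0x0830107A. The family/model numbers used to recognise “Rome” and the sample input are assumptions, not values from the bulletin.

```python
import re

# From the bulletin: minimum µcode revision for 2nd Gen EPYC "Rome".
ROME_MIN_UCODE = 0x0830107A
# Assumption (not in the bulletin): "Rome" reports family 23 (17h), model 49 (31h).
ROME_FAMILY, ROME_MODEL = 23, 49

# Constructed sample in /proc/cpuinfo layout; not captured from a real host.
SAMPLE_CPUINFO = """\
processor\t: 0
vendor_id\t: AuthenticAMD
cpu family\t: 23
model\t\t: 49
microcode\t: 0x8301055

processor\t: 1
vendor_id\t: AuthenticAMD
cpu family\t: 23
model\t\t: 49
microcode\t: 0x830107a
"""

def parse_cpuinfo(text):
    """Split cpuinfo text into one dict of fields per logical CPU."""
    cpus = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = {k.strip(): v.strip() for k, _, v in
                  (line.partition(":") for line in block.splitlines())}
        if "processor" in fields:
            cpus.append(fields)
    return cpus

def rome_cpus_below_minimum(text):
    """Return [(cpu_id, ucode_rev)] for Rome CPUs under the bulletin's µcode."""
    stale = []
    for cpu in parse_cpuinfo(text):
        if (cpu.get("vendor_id") == "AuthenticAMD"
                and int(cpu.get("cpu family", -1)) == ROME_FAMILY
                and int(cpu.get("model", -1)) == ROME_MODEL):
            rev = int(cpu.get("microcode", "0"), 16)
            if rev < ROME_MIN_UCODE:
                stale.append((int(cpu["processor"]), rev))
    return stale

if __name__ == "__main__":
    # On a Linux host, pass open("/proc/cpuinfo").read() instead of the sample.
    for cpu_id, rev in rome_cpus_below_minimum(SAMPLE_CPUINFO):
        print(f"cpu{cpu_id}: microcode {rev:#010x} < {ROME_MIN_UCODE:#010x}")
```

Inside a virtual machine the reported revision is whatever the hypervisor exposes, so run the check on the host.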

DESKTOP

| Mitigation details: update to versions listed or higher | AMD Ryzen™ 3000 Series Desktop Processors (formerly codenamed “Matisse”) | AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics (formerly codenamed “Renoir” AM4) |
|---|---|---|
| AGESA™ firmware | ComboAM4v2PI_1.2.0.C 1.2.0.C (2024-02-07); ComboAM4PI 1.0.0.B (Target March 2024) | ComboAM4v2PI_1.2.0.C (2024-02-07) |

HIGH END DESKTOP (HEDT)

| Mitigation details: update to versions listed or higher | AMD Ryzen™ Threadripper™ 3000 Series Processors (formerly codenamed “Castle Peak” HEDT) |
|---|---|
| AGESA™ firmware | CastlePeakPI-SP3r3 1.0.0.A (2023-11-21) |

WORKSTATION

| Mitigation details: update to versions listed or higher | AMD Ryzen™ Threadripper™ PRO 3000WX Series Processors (formerly codenamed “Castle Peak” WS SP3) |
|---|---|
| AGESA™ firmware | CastlePeakWSPI-sWRX8 1.0.0.C (2023-11-29); ChagallWSPI-sWRX8 1.0.0.7 (2024-01-11) |

MOBILE - AMD Ryzen™ Series

| Mitigation details: update to versions listed or higher | AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics (formerly codenamed “Lucienne”) | AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics (formerly codenamed “Renoir”) | AMD Ryzen™ 7020 Series Processors (formerly codenamed “Mendocino” FT6) |
|---|---|---|---|
| AGESA™ firmware | CezannePI-FP6 1.0.1.0 (2024-01-25) | RenoirPI-FP6 1.0.0.D (Target Feb 2024) | MendocinoPI-FT6 1.0.0.6 (2024-01-03) |

Embedded

| Mitigation details: update to versions listed or higher | AMD EPYC™ Embedded 7002 |
|---|---|
| AGESA™ firmware | EmbRomePI-SP3 1.0.0.B (2023-12-15) |

Embedded

| Mitigation details: update to versions listed or higher | AMD Ryzen™ Embedded V2000 |
|---|---|
| AGESA™ firmware | EmbeddedPI-FP6 1.0.0.9 (Target April 2024) |
