Lucene search

[email protected]CVE-2023-20588

HistoryAug 08, 2023 - 6:15 p.m.

CVE-2023-20588

2023-08-0818:15:11

CWE-369

[email protected]

web.nvd.nist.gov

178

cve-2023-20588

amd processors

division-by-zero error

speculative data leakage

confidentiality loss

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

5.4 Medium

AI Score

Confidence

High

1.7 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:S/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

18.7%

JSON

A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality.

CPENameOperatorVersion
debian:debian_linuxdebian debian linuxeq10.0
debian:debian_linuxdebian debian linuxeq11.0
debian:debian_linuxdebian debian linuxeq12.0

CPE	Name	Operator	Version
debian:debian_linux	debian debian linux	eq	10.0
debian:debian_linux	debian debian linux	eq	11.0
debian:debian_linux	debian debian linux	eq	12.0

References

www.openwall.com/lists/oss-security/2023/09/25/3

www.openwall.com/lists/oss-security/2023/09/25/4

www.openwall.com/lists/oss-security/2023/09/25/5

www.openwall.com/lists/oss-security/2023/09/25/7

www.openwall.com/lists/oss-security/2023/09/25/8

www.openwall.com/lists/oss-security/2023/09/26/5

www.openwall.com/lists/oss-security/2023/09/26/8

www.openwall.com/lists/oss-security/2023/09/26/9

www.openwall.com/lists/oss-security/2023/09/27/1

www.openwall.com/lists/oss-security/2023/10/03/12

www.openwall.com/lists/oss-security/2023/10/03/13

www.openwall.com/lists/oss-security/2023/10/03/14

www.openwall.com/lists/oss-security/2023/10/03/15

www.openwall.com/lists/oss-security/2023/10/03/16

www.openwall.com/lists/oss-security/2023/10/03/9

www.openwall.com/lists/oss-security/2023/10/04/1

www.openwall.com/lists/oss-security/2023/10/04/2

www.openwall.com/lists/oss-security/2023/10/04/3

www.openwall.com/lists/oss-security/2023/10/04/4

xenbits.xen.org/xsa/advisory-439.html

lists.debian.org/debian-lts-announce/2023/10/msg00027.html

lists.fedoraproject.org/archives/list/[email protected]/message/AGZCACEHT6ZZZGG36QQMGROBM4FLWYJX/

lists.fedoraproject.org/archives/list/[email protected]/message/DIOYP4ZOBML4RCUM3MHRFZUQL445MZM3/

lists.fedoraproject.org/archives/list/[email protected]/message/KJTUVYZMP6BNF342DS3W7XGOGXC6JPN5/

www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7007

www.debian.org/security/2023/dsa-5480

www.debian.org/security/2023/dsa-5492

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

5.4 Medium

AI Score

Confidence

High

1.7 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:S/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

18.7%

JSON

Related for CVE-2023-20588

prion1 osv16 cvelist1 nessus73 debiancve1 amd1 redhatcve1 veracode1 xen1 amazon2 mscve1 ubuntucve1 ubuntu12 openvas57 fedora3 malwarebytes1 oraclelinux4 citrix1 mskb15 qualysblog1 kaspersky2 debian2 rapid7blog1