4.7 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
HIGH
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:H/Au:S/C:P/I:N/A:N
0.0004 Low
EPSS
Percentile
8.9%
A side channel vulnerability on some of the AMD CPUs may allow an attacker
to influence the return address prediction. This may result in speculative
execution at an attacker-controlled address, potentially leading to
information disclosure.
Author | Note |
---|---|
Priority reason: Unprivileged local attackers may use this vulnerability to extract confidential data. | |
alexmurray | The listed microcode revisions for 3rd Gen AMD EPYC processors in AMD-SB-7005 were provided to the upstream linux-firmware repo in commit b250b32ab1d044953af2dc5e790819a7703b7ee6 whilst the 4th Gen microcode was provided in commit f2eb058afc57348cde66852272d6bf11da1eef8f. This is not planned to be fixed for the amd64-microcode package in Ubuntu 14.04 as that release was already outside of the LTS timeframe when this hardware platform was launched. |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | amd64-microcode | <Â 3.20191021.1+really3.20181128.1~ubuntu0.18.04.1+esm2) Available with Ubuntu Pro or Ubuntu Pro (Infra-only | UNKNOWN |
ubuntu | 20.04 | noarch | amd64-microcode | <Â 3.20191218.1ubuntu1.2 | UNKNOWN |
ubuntu | 22.04 | noarch | amd64-microcode | <Â 3.20191218.1ubuntu2.2 | UNKNOWN |
ubuntu | 23.04 | noarch | amd64-microcode | <Â 3.20220411.1ubuntu3.2 | UNKNOWN |
ubuntu | 23.10 | noarch | amd64-microcode | <Â 3.20230808.1.1ubuntu1 | UNKNOWN |
ubuntu | 24.04 | noarch | amd64-microcode | <Â 3.20230808.1.1ubuntu1 | UNKNOWN |
ubuntu | 16.04 | noarch | amd64-microcode | <Â 3.20191021.1+really3.20180524.1~ubuntu0.16.04.2+esm2) Available with Ubuntu Pro or Ubuntu Pro (Infra-only | UNKNOWN |
ubuntu | 18.04 | noarch | linux | <Â any | UNKNOWN |
ubuntu | 20.04 | noarch | linux | <Â any | UNKNOWN |
ubuntu | 22.04 | noarch | linux | <Â 5.15.0-86.96 | UNKNOWN |
launchpad.net/bugs/cve/CVE-2023-20569
lore.kernel.org/linux-firmware/[email protected]/T/#meaa8272d3d5799ffebc729eeaaabb3a14d32665f
nvd.nist.gov/vuln/detail/CVE-2023-20569
security-tracker.debian.org/tracker/CVE-2023-20569
ubuntu.com/security/notices/USN-6319-1
ubuntu.com/security/notices/USN-6412-1
ubuntu.com/security/notices/USN-6415-1
ubuntu.com/security/notices/USN-6416-1
ubuntu.com/security/notices/USN-6416-2
ubuntu.com/security/notices/USN-6416-3
ubuntu.com/security/notices/USN-6445-1
ubuntu.com/security/notices/USN-6445-2
ubuntu.com/security/notices/USN-6466-1
www.amd.com/en/resources/product-security/bulletin/amd-sb-7005.html
www.cve.org/CVERecord?id=CVE-2023-20569
4.7 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
HIGH
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:H/Au:S/C:P/I:N/A:N
0.0004 Low
EPSS
Percentile
8.9%