Lucene search

K
ubuntucveUbuntu.comUB:CVE-2023-20592
HistoryNov 14, 2023 - 12:00 a.m.

CVE-2023-20592

2023-11-1400:00:00
ubuntu.com
ubuntu.com
14
amd cpus
hypervisor
cache behavior
guest vm
memory integrity

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

AI Score

6.1

Confidence

High

EPSS

0.001

Percentile

26.1%

Improper or unexpected behavior of the INVD instruction in some AMD CPUs
may allow an attacker with a malicious hypervisor to affect cache line
write-back behavior of the CPU leading to a potential loss of guest virtual
machine (VM) memory integrity.

Notes

Author Note
alexmurray The microcode revisions listed in the AMD advisory AMD-SB-3005 were contained in the upstream commit b250b32ab1d044953af2dc5e790819a7703b7ee6 - this was already provided to the various Ubuntu releases in USN-6319-1 for CVE-2023-20569, as such they are not affected by this CVE.

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

AI Score

6.1

Confidence

High

EPSS

0.001

Percentile

26.1%