Vulnerability Description
A side-channel vulnerability in some AMD CPUs may allow an attacker to influence return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure.
CVSS Score
4.7 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fedoraproject | Fedora | 37 |
| Debian | Debian Linux | 10.0 |
| Amd | Ryzen 9 5950X Firmware | < comboam4v2pi_1.2.0.b |
| Amd | Ryzen 9 5950X | - |
| Amd | Ryzen 9 5900X Firmware | < comboam4v2pi_1.2.0.b |
| Amd | Ryzen 9 5900X | - |
| Amd | Ryzen 9 5900 Firmware | < comboam4v2pi_1.2.0.b |
| Amd | Ryzen 9 5900 | - |
| Amd | Ryzen 9 Pro 5945 Firmware | < comboam4v2pi_1.2.0.b |
| Amd | Ryzen 9 Pro 5945 | - |
| Amd | Ryzen 7 5800X3D Firmware | < comboam4v2pi_1.2.0.b |
| Amd | Ryzen 7 5800X3D | - |
| Amd | Ryzen 7 5800X Firmware | < comboam4v2pi_1.2.0.b |
| Amd | Ryzen 7 5800X | - |
| Amd | Ryzen 7 5800 Firmware | < comboam4v2pi_1.2.0.b |
| Amd | Ryzen 7 5800 | - |
| Amd | Ryzen 7 5700X Firmware | < comboam4v2pi_1.2.0.b |
| Amd | Ryzen 7 5700X | - |
| Amd | Ryzen 7 Pro 5845 Firmware | < comboam4v2pi_1.2.0.b |
| Amd | Ryzen 7 Pro 5845 | - |
References
- http://www.openwall.com/lists/oss-security/2023/08/08/4 (Mailing List)
- http://xenbits.xen.org/xsa/advisory-434.html (Third Party Advisory)
- https://comsec.ethz.ch/research/microarch/inception/ (Exploit, Third Party Advisory)
- https://lists.debian.org/debian-lts-announce/2023/08/msg00013.html (Mailing List)
- https://lists.fedoraproject.org/archives/list/[email protected] (Third Party Advisory)
- https://lists.fedoraproject.org/archives/list/[email protected] (Mailing List)
- https://lists.fedoraproject.org/archives/list/[email protected] (Mailing List)
- https://lists.fedoraproject.org/archives/list/[email protected] (Mailing List, Third Party Advisory)
- https://security.netapp.com/advisory/ntap-20240605-0006/
- https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7005 (Vendor Advisory)
- https://www.debian.org/security/2023/dsa-5475 (Third Party Advisory)
FAQ
What is CVE-2023-20569?
CVE-2023-20569 is a vulnerability with a CVSS score of 4.7 (MEDIUM). A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, po...
How severe is CVE-2023-20569?
CVE-2023-20569 has been rated MEDIUM with a CVSS base score of 4.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-20569?
Check the references section above for vendor advisories and patch information. Affected products include: Fedoraproject Fedora, Debian Debian Linux, Amd Ryzen 9 5950X Firmware, Amd Ryzen 9 5950X, Amd Ryzen 9 5900X Firmware.