1. Home
  2. CVE Database
  3. CVE-2023-20575
MEDIUM · 6.5

CVE-2023-20575

A potential power side-channel vulnerability in some AMD processors may allow an authenticated attacker to use the power reporting functionality to monitor a program’s execution inside an AMD SEV VM ...

Vulnerability Description

A potential power side-channel vulnerability in some AMD processors may allow an authenticated attacker to use the power reporting functionality to monitor a program’s execution inside an AMD SEV VM potentially resulting in a leak of sensitive information.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
NONE
Availability
NONE

Affected Products

VendorProductVersions
AmdEpyc 7251 Firmware-
AmdEpyc 7251-
AmdEpyc 7281 Firmware-
AmdEpyc 7281-
AmdEpyc 7301 Firmware-
AmdEpyc 7301-
AmdEpyc 7351 Firmware-
AmdEpyc 7351-
AmdEpyc 7351P Firmware-
AmdEpyc 7351P-
AmdEpyc 7401 Firmware-
AmdEpyc 7401-
AmdEpyc 7401P Firmware-
AmdEpyc 7401P-
AmdEpyc 7451 Firmware-
AmdEpyc 7451-
AmdEpyc 7501 Firmware-
AmdEpyc 7501-
AmdEpyc 7551 Firmware-
AmdEpyc 7551-

Related Weaknesses (CWE)

CWE-203

References

FAQ

What is CVE-2023-20575?

CVE-2023-20575 is a vulnerability with a CVSS score of 6.5 (MEDIUM). A potential power side-channel vulnerability in some AMD processors may allow an authenticated attacker to use the power reporting functionality to monitor a program’s execution inside an AMD SEV VM ...

How severe is CVE-2023-20575?

CVE-2023-20575 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-20575?

Check the references section above for vendor advisories and patch information. Affected products include: Amd Epyc 7251 Firmware, Amd Epyc 7251, Amd Epyc 7281 Firmware, Amd Epyc 7281, Amd Epyc 7301 Firmware.