1. Home
  2. CVE Database
  3. CVE-2023-20588
MEDIUM · 5.5

CVE-2023-20588

A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality. 

Vulnerability Description

A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality. 

CVSS Score

5.5

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
NONE
Availability
NONE

Affected Products

VendorProductVersions
DebianDebian Linux10.0
AmdEpyc 7351P Firmware-
AmdEpyc 7351P-
AmdEpyc 7401P Firmware-
AmdEpyc 7401P-
AmdEpyc 7551P Firmware-
AmdEpyc 7551P-
AmdEpyc 7251 Firmware-
AmdEpyc 7251-
AmdEpyc 7261 Firmware-
AmdEpyc 7261-
AmdEpyc 7281 Firmware-
AmdEpyc 7281-
AmdEpyc 7301 Firmware-
AmdEpyc 7301-
AmdEpyc 7351 Firmware-
AmdEpyc 7351-
AmdEpyc 7371 Firmware-
AmdEpyc 7371-
AmdEpyc 7401 Firmware-

Related Weaknesses (CWE)

CWE-369

References

FAQ

What is CVE-2023-20588?

CVE-2023-20588 is a vulnerability with a CVSS score of 5.5 (MEDIUM). A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality. 

How severe is CVE-2023-20588?

CVE-2023-20588 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-20588?

Check the references section above for vendor advisories and patch information. Affected products include: Debian Debian Linux, Amd Epyc 7351P Firmware, Amd Epyc 7351P, Amd Epyc 7401P Firmware, Amd Epyc 7401P.