CVE-2023-20593 — MEDIUM (5.5)

Vulnerability Description

An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information.

CVSS Score

5.5

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Xen	Xen	4.14.0
Debian	Debian Linux	10.0
Amd	Ryzen 3 3100 Firmware	-
Amd	Ryzen 3 3100	-
Amd	Ryzen 3 3300X Firmware	-
Amd	Ryzen 3 3300X	-
Amd	Ryzen 5 3500 Firmware	-
Amd	Ryzen 5 3500	-
Amd	Ryzen 5 3500X Firmware	-
Amd	Ryzen 5 3500X	-
Amd	Ryzen 5 3600 Firmware	-
Amd	Ryzen 5 3600	-
Amd	Ryzen 5 3600X Firmware	-
Amd	Ryzen 5 3600X	-
Amd	Ryzen 5 3600Xt Firmware	-
Amd	Ryzen 5 3600Xt	-
Amd	Ryzen 7 3700X Firmware	-
Amd	Ryzen 7 3700X	-
Amd	Ryzen 7 3800X Firmware	-
Amd	Ryzen 7 3800X	-

Related Weaknesses (CWE)

CWE-209

References

http://seclists.org/fulldisclosure/2023/Jul/43Not Applicable
http://www.openwall.com/lists/oss-security/2023/07/24/3Mailing List
http://www.openwall.com/lists/oss-security/2023/07/25/1Mailing List
http://www.openwall.com/lists/oss-security/2023/07/25/12Mailing List
http://www.openwall.com/lists/oss-security/2023/07/25/13Mailing List
http://www.openwall.com/lists/oss-security/2023/07/25/14Mailing List
http://www.openwall.com/lists/oss-security/2023/07/25/15Mailing List
http://www.openwall.com/lists/oss-security/2023/07/25/16Mailing List
http://www.openwall.com/lists/oss-security/2023/07/25/17Mailing List
http://www.openwall.com/lists/oss-security/2023/07/25/5Mailing List
http://www.openwall.com/lists/oss-security/2023/07/25/6Mailing List
http://www.openwall.com/lists/oss-security/2023/07/26/1Mailing ListMitigationPatch
http://www.openwall.com/lists/oss-security/2023/07/31/2Mailing ListMitigationPatch
http://www.openwall.com/lists/oss-security/2023/08/08/6
http://www.openwall.com/lists/oss-security/2023/08/08/7

FAQ

What is CVE-2023-20593?

CVE-2023-20593 is a vulnerability with a CVSS score of 5.5 (MEDIUM). An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information.

How severe is CVE-2023-20593?

CVE-2023-20593 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-20593?

Check the references section above for vendor advisories and patch information. Affected products include: Xen Xen, Debian Debian Linux, Amd Ryzen 3 3100 Firmware, Amd Ryzen 3 3100, Amd Ryzen 3 3300X Firmware.