CVE-2023-20575 — Observable Discrepancy in AMD 1ST GEN AMD Epyc Processors

CWE-203 — Observable Discrepancy5 documents5 sources

Severity

6.5MEDIUMNVD

EPSS

0.4%

top 36.62%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

AMD 1ST GEN AMD Epyc Processors AMD 2ND GEN AMD Epyc Processors AMD 3RD GEN AMD Epyc Processors +1 more

Timeline

PublishedJul 11

Description

A potential power side-channel vulnerability in some AMD processors may allow an authenticated attacker to use the power reporting functionality to monitor a program’s execution inside an AMD SEV VM potentially resulting in a leak of sensitive information.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

▶CVEListV5amd/1st_gen_amd_epyc_processorsvarious

▶CVEListV5amd/2nd_gen_amd_epyc_processorsvarious

▶CVEListV5amd/3rd_gen_amd_epyc_processorsvarious

▶CVEListV5amd/4th_gen_amd_epyc_processorsVarious

🔴Vulnerability Details

GHSA

GHSA-mg79-3wxp-f4x4: A potential power side-channel vulnerability in some AMD processors may allow an authenticated attacker to use the power reporting functionality to mo↗2023-07-11

▶

CVEList

CVE-2023-20575: A potential power side-channel vulnerability in some AMD processors may allow an authenticated attacker to use the power reporting functionality to mo↗2023-07-11

▶

📋Vendor Advisories

Red Hat

hw: amd: SEV VM Power Side Channel Security Notice↗2023-07-11

▶

💬Community

Bugzilla

CVE-2023-20575 hw: amd: SEV VM Power Side Channel Security Notice↗2023-06-27

▶