Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2023-20569

Опубликовано: 08 авг. 2023
Источник: debian
EPSS Низкий

Описание

A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
amd64-microcodefixed3.20230719.1package
amd64-microcodefixed3.20230719.1~deb12u1bookwormpackage
amd64-microcodefixed3.20230719.1~deb11u1bullseyepackage
amd64-microcodefixed3.20230719.1~deb10u1busterpackage
linuxfixed6.4.4-3package
linuxignoredbusterpackage

Примечания

  • SRSO microcode for Milan (Zen3 EPYC):

  • https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/amd-ucode?id=b250b32ab1d044953af2dc5e790819a7703b7ee6

  • 3.20230719.1 ships the first batch of fixes, only for 3nd gen EPYC CPUs (Milan),

  • further update for 4th gen EPYC CPUs to follow in later releases.

  • Updated microcode for 4th gen EPYC CPUs Genoa (Family=0x19 Model=0x11) and

  • Bergamo (Family=0x19 Model=0xa0) with (cf: https://bugs.debian.org/1043381):

  • https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=f2eb058afc57348cde66852272d6bf11da1eef8f

  • 3.20230808.1.1 ships this second batch of fixes for 4th gen EPYC CPUs.

  • https://comsec.ethz.ch/research/microarch/inception/

  • https://comsec.ethz.ch/wp-content/files/inception_sec23.pdf

  • https://github.com/comsec-group/inception

  • https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-7005

  • https://www.amd.com/content/dam/amd/en/documents/corporate/cr/speculative-return-stack-overflow-whitepaper.pdf

  • https://www.openwall.com/lists/oss-security/2023/08/08/4

EPSS

Процентиль: 69%
0.00633
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2023-20569

CVSS3: 4.7
ubuntu
почти 2 года назад

A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure.

redhat логотип

CVE-2023-20569

CVSS3: 5.6
redhat
почти 2 года назад

A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure.

nvd логотип

CVE-2023-20569

CVSS3: 4.7
nvd
почти 2 года назад

A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure.

msrc логотип

CVE-2023-20569

msrc
почти 2 года назад

AMD: CVE-2023-20569 Return Address Predictor

suse-cvrf логотип

SUSE-SU-2023:3389-1

suse-cvrf
почти 2 года назад

Security update for kernel-firmware

EPSS

Процентиль: 69%
0.00633
Низкий