CVE-2023-20588

CVSS V2 None CVSS V3 None

Description

A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality.

Overview

CVE ID
CVE-2023-20588

Assigner
psirt@amd.com

Vulnerability Status
Analyzed

Published Version
2023-08-08T18:15:11

Last Modified Date
2023-08-21T17:24:22

Weakness Enumerations

CWE	URL
CWE-369	http://cwe.mitre.org/data/definitions/369.html

CPE Configuration (Product)

CPE	Vulnerable	Operator
cpe:2.3:o:debian:debian_linux:11.0:::::::*	1	OR
		AND
cpe:2.3:o:amd:epyc_7351p_firmware:-:::::::*	1	OR
cpe:2.3:h:amd:epyc_7351p:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7401p_firmware:-:::::::*	1	OR
cpe:2.3:h:amd:epyc_7401p:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7551p_firmware:-:::::::*	1	OR
cpe:2.3:h:amd:epyc_7551p:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7251_firmware:-:::::::*	1	OR
cpe:2.3:h:amd:epyc_7251:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7261_firmware:-:::::::*	1	OR
cpe:2.3:h:amd:epyc_7261:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7281_firmware:-:::::::*	1	OR
cpe:2.3:h:amd:epyc_7281:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7301_firmware:-:::::::*	1	OR
cpe:2.3:h:amd:epyc_7301:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7351_firmware:-:::::::*	1	OR
cpe:2.3:h:amd:epyc_7351:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7371_firmware:-:::::::*	1	OR
cpe:2.3:h:amd:epyc_7371:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7401_firmware:-:::::::*	1	OR
cpe:2.3:h:amd:epyc_7401:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7451_firmware:-:::::::*	1	OR
cpe:2.3:h:amd:epyc_7451:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7501_firmware:-:::::::*	1	OR
cpe:2.3:h:amd:epyc_7501:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7551_firmware:-:::::::*	1	OR
cpe:2.3:h:amd:epyc_7551:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7571_firmware:-:::::::*	1	OR
cpe:2.3:h:amd:epyc_7571:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:epyc_7601_firmware:-:::::::*	1	OR
cpe:2.3:h:amd:epyc_7601:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:ryzen_5_pro_3400g_firmware:-:::::::*	1	OR
cpe:2.3:h:amd:ryzen_5_pro_3400g:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:ryzen_5_3400g_firmware:-:::::::*	1	OR
cpe:2.3:h:amd:ryzen_5_3400g:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:ryzen_5_pro_3400ge_firmware:-:::::::*	1	OR
cpe:2.3:h:amd:ryzen_5_pro_3400ge:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:ryzen_5_pro_3350g_firmware:-:::::::*	1	OR
cpe:2.3:h:amd:ryzen_5_pro_3350g:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:ryzen_5_pro_3350ge_firmware:-:::::::*	1	OR
cpe:2.3:h:amd:ryzen_5_pro_3350ge:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:ryzen_3_pro_3200g_firmware:-:::::::*	1	OR
cpe:2.3:h:amd:ryzen_3_pro_3200g:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:ryzen_3_3200g_firmware:-:::::::*	1	OR
cpe:2.3:h:amd:ryzen_3_3200g:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:ryzen_3_3200ge_firmware:-:::::::*	1	OR
cpe:2.3:h:amd:ryzen_3_3200ge:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:ryzen_3_pro_3200ge_firmware:-:::::::*	1	OR
cpe:2.3:h:amd:ryzen_3_pro_3200ge:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:athlon_pro_300ge_firmware:-:::::::*	1	OR
cpe:2.3:h:amd:athlon_pro_300ge:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:athlon_gold_3150ge_firmware:-:::::::*	1	OR
cpe:2.3:h:amd:athlon_gold_3150ge:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:athlon_gold_pro_3150ge_firmware:-:::::::*	1	OR
cpe:2.3:h:amd:athlon_gold_pro_3150ge:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:athlon_gold_3150g_firmware:-:::::::*	1	OR
cpe:2.3:h:amd:athlon_gold_3150g:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:athlon_gold_pro_3150g_firmware:-:::::::*	1	OR
cpe:2.3:h:amd:athlon_gold_pro_3150g:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:athlon_silver_3050ge_firmware:-:::::::*	1	OR
cpe:2.3:h:amd:athlon_silver_3050ge:-:::::::*	0	OR
		AND
cpe:2.3:o:amd:athlon_silver_pro_3125ge_firmware:-:::::::*	1	OR
cpe:2.3:h:amd:athlon_silver_pro_3125ge:-:::::::*	0	OR

References

Reference URL	Reference Tags
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7007	Vendor Advisory
https://www.debian.org/security/2023/dsa-5480	Third Party Advisory

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-20588
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20588

History

Created	Old Value	New Value	Data Type	Notes
2023-09-06 03:14:54				Added to TrackCVE
2023-09-06 03:14:57			Weakness Enumeration	new