CVE-2020-12965

high-risk

Published 2022-02-04

When combined with specific software sequences, AMD CPUs may transiently execute non-canonical loads and store using only the lower 48 address bits potentially resulting in data leakage.

Do I need to act?

0.38% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.5/10 High

NETWORK / LOW complexity

Affected Products (20)

Ryzen Pro 5650G Firmware

Ryzen Pro 5650Ge Firmware

Ryzen Pro 5750G Firmware

Ryzen Pro 5750Ge Firmware

Ryzen Pro 5350G Firmware

Ryzen Pro 5350Ge Firmware

Ryzen Pro 4750G Firmware

Ryzen Pro 4750Ge Firmware

Ryzen Pro 4650G Firmware

Ryzen Pro 4650Ge Firmware

Ryzen Pro 4350G Firmware

Ryzen Pro 4350Ge Firmware

Ryzen Pro 3900 Firmware

Ryzen Pro 3700 Firmware

Ryzen Pro 3600 Firmware

Ryzen Pro 3400G Firmware

Ryzen Pro 3400Ge Firmware

Ryzen Pro 3350G Firmware

Ryzen Pro 3200G Firmware

Ryzen Pro 3200Ge Firmware

Affected Vendors

Amd

References (4)

http://www.openwall.com/lists/oss-security/2023/12/05/3

Mitigation https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1010

http://www.openwall.com/lists/oss-security/2023/12/05/3

Mitigation https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1010

/ 100

high-risk

Severity 26/34 · High

Exploitability 1/34 · Minimal

Exposure 27/34 · High