CVE-2023-20588

high-risk
Published 2023-08-08

A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality. 

Do I need to act?

~
7.8% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.5/10 Medium
LOCAL / LOW complexity

Affected Products (20)

Epyc 7571 Firmware
Ryzen 5 Pro 3400G Firmware

Affected Vendors

Debian Microsoft Fedoraproject Xen Amd

References (56)

Mailing List http://www.openwall.com/lists/oss-security/2023/09/25/3
Mailing List http://www.openwall.com/lists/oss-security/2023/09/25/4
Mailing List http://www.openwall.com/lists/oss-security/2023/09/25/5
Mailing List http://www.openwall.com/lists/oss-security/2023/09/25/7
Mailing List http://www.openwall.com/lists/oss-security/2023/09/25/8
Mailing List http://www.openwall.com/lists/oss-security/2023/09/26/5
Mailing List http://www.openwall.com/lists/oss-security/2023/09/26/8
Mailing List http://www.openwall.com/lists/oss-security/2023/09/26/9
Mailing List http://www.openwall.com/lists/oss-security/2023/09/27/1
Mailing List http://www.openwall.com/lists/oss-security/2023/10/03/12
Mailing List http://www.openwall.com/lists/oss-security/2023/10/03/13
Mailing List http://www.openwall.com/lists/oss-security/2023/10/03/14
Mailing List http://www.openwall.com/lists/oss-security/2023/10/03/15
Mailing List http://www.openwall.com/lists/oss-security/2023/10/03/16
Mailing List http://www.openwall.com/lists/oss-security/2023/10/03/9
Mailing List http://www.openwall.com/lists/oss-security/2023/10/04/1
Mailing List http://www.openwall.com/lists/oss-security/2023/10/04/2
Mailing List http://www.openwall.com/lists/oss-security/2023/10/04/3
Mailing List http://www.openwall.com/lists/oss-security/2023/10/04/4
Third Party Advisory http://xenbits.xen.org/xsa/advisory-439.html
and 36 more references
54
/ 100
high-risk
Severity 18/34 · Moderate
Exploitability 10/34 · Low
Exposure 26/34 · High