
CVE-2023-20588 Design/Logic Flaw

Routine
Remediate Within 6 Months

CVE Information

Original CVE data

Published:
Updated:

A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality.

CWE: CWE-369
CVSS v2: -
CVSS v3: 5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
References
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7007
https://www.debian.org/security/2023/dsa-5480
https://www.debian.org/security/2023/dsa-5492
http://www.openwall.com/lists/oss-security/2023/09/25/3
http://xenbits.xen.org/xsa/advisory-439.html
http://www.openwall.com/lists/oss-security/2023/09/25/4
http://www.openwall.com/lists/oss-security/2023/09/25/8
http://www.openwall.com/lists/oss-security/2023/09/25/5
http://www.openwall.com/lists/oss-security/2023/09/25/7
http://www.openwall.com/lists/oss-security/2023/09/26/8
http://www.openwall.com/lists/oss-security/2023/09/26/9
http://www.openwall.com/lists/oss-security/2023/09/27/1
http://www.openwall.com/lists/oss-security/2023/09/26/5
https://lists.fedoraproject.org/archives/list/[email protected]/message/KJTUVYZMP6BNF342DS3W7XGOGXC6JPN5/
https://lists.fedoraproject.org/archives/list/[email protected]/message/AGZCACEHT6ZZZGG36QQMGROBM4FLWYJX/
http://www.openwall.com/lists/oss-security/2023/10/03/9
http://www.openwall.com/lists/oss-security/2023/10/03/12
http://www.openwall.com/lists/oss-security/2023/10/03/15
http://www.openwall.com/lists/oss-security/2023/10/03/14
http://www.openwall.com/lists/oss-security/2023/10/03/13
http://www.openwall.com/lists/oss-security/2023/10/03/16
http://www.openwall.com/lists/oss-security/2023/10/04/1
http://www.openwall.com/lists/oss-security/2023/10/04/2
http://www.openwall.com/lists/oss-security/2023/10/04/3
http://www.openwall.com/lists/oss-security/2023/10/04/4
https://lists.fedoraproject.org/archives/list/[email protected]/message/DIOYP4ZOBML4RCUM3MHRFZUQL445MZM3/
https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html
https://security.netapp.com/advisory/ntap-20240531-0005/
Affected Vendors

Amd - (31)

Debian - (1)

Fedoraproject - (1)

Microsoft - (13)

Xen - (1)

Basic Analysis

Common vulnerability metrics

Vulnerability type as detected by PRIOnengine

Design/Logic Flaw

CVSS Scores as calculated by PRIOnengine
CVSS v2: 2.1
AV:L/AC:L/AU:N/C:P/I:N/A:N
CVSS v3: 5.5
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
MITRE CWE Top 25

-

Exploits

No exploit code is reported to exist.

Active Exploitation

Vulnerability is not in CISA's Known Exploited Vulnerabilities (KEV) catalog.

Social Network Activity

-

Threat Actor Activity

No sightings of the vulnerability within threat reports.

Cybersecurity Frameworks

How the vulnerability maps against various cybersecurity frameworks

-

Compliance Impact

How the submitted vulnerability affects compliance

-

Web Application Security Frameworks

Applicable if the issue likely affects a web application

-