CVE-2023-20588

A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
http://www.openwall.com/lists/oss-security/2023/09/25/3	Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/09/25/4	Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/09/25/5	Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/09/25/7	Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/09/25/8	Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/09/26/5	Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/09/26/8	Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/09/26/9	Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/09/27/1	Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/10/03/12	Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/10/03/13	Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/10/03/14	Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/10/03/15	Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/10/03/16	Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/10/03/9	Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/10/04/1	Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/10/04/2	Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/10/04/3	Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/10/04/4	Mailing List Third Party Advisory
http://xenbits.xen.org/xsa/advisory-439.html	Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AGZCACEHT6ZZZGG36QQMGROBM4FLWYJX/	Mailing List
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DIOYP4ZOBML4RCUM3MHRFZUQL445MZM3/	Mailing List
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJTUVYZMP6BNF342DS3W7XGOGXC6JPN5/	Mailing List
https://security.netapp.com/advisory/ntap-20240531-0005/
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7007	Vendor Advisory
https://www.debian.org/security/2023/dsa-5480	Third Party Advisory
https://www.debian.org/security/2023/dsa-5492	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:debian:debian_linux:10.0:::::::*
	cpe:2.3:o:debian:debian_linux:11.0:::::::*
	cpe:2.3:o:debian:debian_linux:12.0:::::::*

Configuration 2 (hide)

AND

cpe:2.3:o:amd:epyc_7351p_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7351p:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:amd:epyc_7401p_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7401p:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:amd:epyc_7551p_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7551p:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:amd:epyc_7251_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7251:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:amd:epyc_7261_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7261:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:amd:epyc_7281_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7281:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:amd:epyc_7301_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7301:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:amd:epyc_7351_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7351:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:amd:epyc_7371_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7371:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:amd:epyc_7401_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7401:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:amd:epyc_7451_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7451:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:amd:epyc_7501_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7501:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:amd:epyc_7551_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7551:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:amd:epyc_7571_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7571:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:amd:epyc_7601_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:epyc_7601:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:amd:ryzen_5_pro_3400g_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:ryzen_5_pro_3400g:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND

cpe:2.3:o:amd:ryzen_5_3400g_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:ryzen_5_3400g:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND

cpe:2.3:o:amd:ryzen_5_pro_3400ge_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:ryzen_5_pro_3400ge:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND

cpe:2.3:o:amd:ryzen_5_pro_3350g_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:ryzen_5_pro_3350g:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND

cpe:2.3:o:amd:ryzen_5_pro_3350ge_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:ryzen_5_pro_3350ge:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND

cpe:2.3:o:amd:ryzen_3_pro_3200g_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:ryzen_3_pro_3200g:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND

cpe:2.3:o:amd:ryzen_3_3200g_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:ryzen_3_3200g:-:*:*:*:*:*:*:*

Configuration 24 (hide)

AND

cpe:2.3:o:amd:ryzen_3_3200ge_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:ryzen_3_3200ge:-:*:*:*:*:*:*:*

Configuration 25 (hide)

AND

cpe:2.3:o:amd:ryzen_3_pro_3200ge_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:ryzen_3_pro_3200ge:-:*:*:*:*:*:*:*

Configuration 26 (hide)

AND

cpe:2.3:o:amd:athlon_pro_300ge_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:athlon_pro_300ge:-:*:*:*:*:*:*:*

Configuration 27 (hide)

AND

cpe:2.3:o:amd:athlon_gold_3150ge_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:athlon_gold_3150ge:-:*:*:*:*:*:*:*

Configuration 28 (hide)

AND

cpe:2.3:o:amd:athlon_gold_pro_3150ge_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:athlon_gold_pro_3150ge:-:*:*:*:*:*:*:*

Configuration 29 (hide)

AND

cpe:2.3:o:amd:athlon_gold_3150g_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:athlon_gold_3150g:-:*:*:*:*:*:*:*

Configuration 30 (hide)

AND

cpe:2.3:o:amd:athlon_gold_pro_3150g_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:athlon_gold_pro_3150g:-:*:*:*:*:*:*:*

Configuration 31 (hide)

AND

cpe:2.3:o:amd:athlon_silver_3050ge_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:athlon_silver_3050ge:-:*:*:*:*:*:*:*

Configuration 32 (hide)

AND

cpe:2.3:o:amd:athlon_silver_pro_3125ge_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:amd:athlon_silver_pro_3125ge:-:*:*:*:*:*:*:*

Configuration 33 (hide)

cpe:2.3:o:xen:xen:-:*:*:*:*:*:*:*

Configuration 34 (hide)

OR	cpe:2.3:o:fedoraproject:fedora:37:::::::*
	cpe:2.3:o:fedoraproject:fedora:38:::::::*
	cpe:2.3:o:fedoraproject:fedora:39:::::::*

Configuration 35 (hide)

OR	cpe:2.3:o:microsoft:windows_10_1507::::::::
	cpe:2.3:o:microsoft:windows_10_1607::::::::
	cpe:2.3:o:microsoft:windows_10_1809::::::::
	cpe:2.3:o:microsoft:windows_10_21h2::::::::
	cpe:2.3:o:microsoft:windows_10_22h2::::::::
	cpe:2.3:o:microsoft:windows_11_21h2::::::::
	cpe:2.3:o:microsoft:windows_11_22h2::::::::
	cpe:2.3:o:microsoft:windows_11_23h2::::::::
	cpe:2.3:o:microsoft:windows_server_2008:-:sp2::::::
	cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:::::x64:*
	cpe:2.3:o:microsoft:windows_server_2012:-:::::::*
	cpe:2.3:o:microsoft:windows_server_2012:r2:::::::*
	cpe:2.3:o:microsoft:windows_server_2016::::::::
	cpe:2.3:o:microsoft:windows_server_2019::::::::
	cpe:2.3:o:microsoft:windows_server_2022_23h2::::::::

History

No history.

Information

Published : 2023-08-08 18:15

Updated : 2024-06-10 18:15

NVD link : CVE-2023-20588

Mitre link : CVE-2023-20588

CVE.ORG link : CVE-2023-20588

JSON object : View

Products Affected

amd

ryzen_3_3200g_firmware
ryzen_3_pro_3200g_firmware
athlon_gold_3150ge_firmware
epyc_7551_firmware
ryzen_3_3200ge
epyc_7261
epyc_7251
epyc_7351
epyc_7261_firmware
epyc_7371_firmware
epyc_7401p_firmware
ryzen_5_pro_3350g
epyc_7501_firmware
epyc_7601
epyc_7401p
epyc_7281_firmware
athlon_gold_pro_3150ge
ryzen_3_pro_3200g
epyc_7451
epyc_7601_firmware
athlon_gold_pro_3150g_firmware
epyc_7451_firmware
epyc_7351p_firmware
ryzen_5_3400g_firmware
epyc_7401_firmware
epyc_7551p_firmware
epyc_7371
athlon_gold_pro_3150g
epyc_7551p
epyc_7571_firmware
ryzen_5_pro_3400ge_firmware
athlon_pro_300ge_firmware
epyc_7301_firmware
epyc_7351_firmware
epyc_7401
ryzen_5_3400g
ryzen_3_pro_3200ge_firmware
epyc_7351p
athlon_silver_pro_3125ge
athlon_gold_3150g
ryzen_5_pro_3350ge
ryzen_3_3200g
ryzen_5_pro_3400ge
ryzen_3_pro_3200ge
epyc_7301
ryzen_5_pro_3400g_firmware
athlon_gold_3150g_firmware
athlon_gold_pro_3150ge_firmware
ryzen_5_pro_3350ge_firmware
athlon_pro_300ge
epyc_7571
athlon_silver_3050ge
epyc_7281
ryzen_5_pro_3350g_firmware
epyc_7551
ryzen_5_pro_3400g
athlon_gold_3150ge
athlon_silver_pro_3125ge_firmware
ryzen_3_3200ge_firmware
epyc_7501
epyc_7251_firmware
athlon_silver_3050ge_firmware

microsoft

windows_10_21h2
windows_server_2022_23h2
windows_server_2016
windows_11_21h2
windows_10_22h2
windows_11_23h2
windows_10_1607
windows_10_1507
windows_server_2008
windows_10_1809
windows_11_22h2
windows_server_2019
windows_server_2012

debian

debian_linux

xen

fedoraproject

fedora

CWE

CWE-369

Divide By Zero

5.5 /10