Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.7
CVSSv3

CVE-2023-20569

Published: 08/08/2023 Updated: 11/04/2024
CVSS v3 Base Score: 4.7 | Impact Score: 3.6 | Exploitability Score: 1
VMScore: 0
Subscribe to Fedoraproject

Vulnerability Summary

A side channel vulnerability on some of the AMD CPUs may allow an malicious user to influence the return address prediction. This may result in speculative execution at an attacker-controlled?address, potentially leading to information disclosure.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

fedoraproject fedora 37

fedoraproject fedora 38

debian debian linux 10.0

debian debian linux 11.0

debian debian linux 12.0

amd ryzen_9_5950x_firmware

amd ryzen_9_5900x_firmware

amd ryzen_9_5900_firmware

amd ryzen_9_pro_5945_firmware

amd ryzen_7_5800x3d_firmware

amd ryzen_7_5800x_firmware

amd ryzen_7_5800_firmware

amd ryzen_7_5700x_firmware

amd ryzen_7_pro_5845_firmware

amd ryzen_5_5600x3d_firmware

amd ryzen_5_5600x_firmware

amd ryzen_5_5600_firmware

amd ryzen_5_pro_5645_firmware

amd ryzen_7_5700_firmware

amd ryzen_5_5500_firmware

amd ryzen_3_5100_firmware

amd ryzen_7_5700g_firmware

amd ryzen_7_5700ge_firmware

amd ryzen_5_5600g_firmware

amd ryzen_5_5600ge_firmware

amd ryzen_3_5300g_firmware

amd ryzen_3_5300ge_firmware

amd ryzen_9_7950x3d_firmware

amd ryzen_9_7950x_firmware

amd ryzen_9_7900x3d_firmware

amd ryzen_9_7900x_firmware

amd ryzen_9_7900_firmware

amd ryzen_9_pro_7945_firmware

amd ryzen_7_7800x3d_firmware

amd ryzen_7_7700x_firmware

amd ryzen_7_7700_firmware

amd ryzen_7_pro_7745_firmware

amd ryzen_5_7600x_firmware

amd ryzen_5_7600_firmware

amd ryzen_5_pro_7645_firmware

amd ryzen_5_7500f_firmware

amd ryzen_threadripper_pro_5995wx_firmware

amd ryzen_threadripper_pro_5975wx_firmware

amd ryzen_threadripper_pro_5965wx_firmware

amd ryzen_threadripper_pro_5955wx_firmware

amd ryzen_threadripper_pro_5945wx_firmware

amd ryzen_7_5700u_firmware

amd ryzen_5_5500u_firmware

amd ryzen_3_5300u_firmware

amd ryzen_9_5980hx_firmware

amd ryzen_9_5980hs_firmware

amd ryzen_9_5900hx_firmware

amd ryzen_9_5900hs_firmware

amd ryzen_7_5800h_firmware

amd ryzen_7_5800hs_firmware

amd ryzen_7_5825u_firmware

amd ryzen_7_5800u_firmware

amd ryzen_5_5600h_firmware

amd ryzen_5_5600hs_firmware

amd ryzen_5_5625u_firmware

amd ryzen_5_5600u_firmware

amd ryzen_5_5560u_firmware

amd ryzen_3_5425u_firmware

amd ryzen_3_5400u_firmware

amd ryzen_3_5125c_firmware

amd ryzen_9_6980hx_firmware

amd ryzen_9_6980hs_firmware

amd ryzen_9_6900hx_firmware

amd ryzen_9_6900hs_firmware

amd ryzen_7_6800h_firmware

amd ryzen_7_6800hs_firmware

amd ryzen_7_6800u_firmware

amd ryzen_5_6600h_firmware

amd ryzen_5_6600hs_firmware

amd ryzen_5_6600u_firmware

amd ryzen_7_7735hs_firmware

amd ryzen_7_7736u_firmware

amd ryzen_7_7735u_firmware

amd ryzen_5_7535hs_firmware

amd ryzen_5_7535u_firmware

amd ryzen_3_7335u_firmware

amd ryzen_7_pro_7730u_firmware

amd ryzen_5_pro_7530u_firmware

amd ryzen_3_pro_7330u_firmware

amd ryzen_9_pro_7640hs_firmware

amd ryzen_9_7940h_firmware

amd ryzen_7_pro_7840hs_firmware

amd ryzen_7_7840h_firmware

amd ryzen_7_7840u_firmware

amd ryzen_5_pro_7640hs_firmware

amd ryzen_5_7640h_firmware

amd ryzen_5_7640u_firmware

amd ryzen_5_7540u_firmware

amd ryzen_3_7440u_firmware

amd ryzen_9_7945hx3d_firmware

amd ryzen_9_7945hx_firmware

amd ryzen_9_7845hx_firmware

amd ryzen_7_7745hx_firmware

amd ryzen_5_7645hx_firmware

amd epyc_7773x_firmware

amd epyc_7763_firmware

amd epyc_7713_firmware

amd epyc_7713p_firmware

amd epyc_7663_firmware

amd epyc_7643_firmware

amd epyc_7573x_firmware

amd epyc_75f3_firmware

amd epyc_7543_firmware

amd epyc_7543p_firmware

amd epyc_7513_firmware

amd epyc_7453_firmware

amd epyc_7473x_firmware

amd epyc_74f3_firmware

amd epyc_7443_firmware

amd epyc_7443p_firmware

amd epyc_7413_firmware

amd epyc_7373x_firmware

amd epyc_73f3_firmware

amd epyc_7343_firmware

amd epyc_7313_firmware

amd epyc_7313p_firmware

amd epyc_72f3_firmware

amd epyc_9124_firmware

amd epyc_9224_firmware

amd epyc_9254_firmware

amd epyc_9334_firmware

amd epyc_9354_firmware

amd epyc_9354p_firmware

amd epyc_9174f_firmware

amd epyc_9184x_firmware

amd epyc_9274f_firmware

amd epyc_9374f_firmware

amd epyc_9384x_firmware

amd epyc_9474f_firmware

amd epyc_9454_firmware

amd epyc_9454p_firmware

amd epyc_9534_firmware

amd epyc_9554_firmware

amd epyc_9554p_firmware

amd epyc_9634_firmware

amd epyc_9654_firmware

amd epyc_9654p_firmware

amd epyc_9684x_firmware

amd epyc_9734_firmware

amd epyc_9754s_firmware

amd epyc_9754_firmware

microsoft windows server 2008 r2

microsoft windows server 2012 r2

microsoft windows server 2008 -

microsoft windows server 2012 -

microsoft windows 10 21h2

microsoft windows 10 1607

microsoft windows 10 22h2

microsoft windows 11 21h2

microsoft windows 11 22h2

microsoft windows 10 1507

microsoft windows 10 1809

microsoft windows server 2016

microsoft windows server 2019

microsoft windows server 2022

Vendor Advisories

Debian Security Advisories: DSA-5475-1 linux -- security update
CVE-2022-40982 Daniel Moghimi discovered Gather Data Sampling (GDS), a hardware vulnerability for Intel CPUs which allows unprivileged speculative access to data which was previously stored in vector registers This mitigation requires updated CPU microcode provided in the intel-microcode package For details please refer to ...
Red Hat: Moderate: linux-firmware security, bug fix, and enhancement update
Synopsis Moderate: linux-firmware security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for linux-firmware is now available for Red Hat Enterprise Linux 8Red Hat Product Secur ...
Red Hat: Important: OpenShift Container Platform 4.12.45 bug fix and security update
概述 Important: OpenShift Container Platform 41245 bug fix and security update 类型/严重性 Security Advisory: Important 标题 Red Hat OpenShift Container Platform release 41245 is now available with updates to packages and images that fix several bugs and add enhancementsThis release includes a security update for Red Hat OpenShi ...
Red Hat: Important: kernel security update
Synopsis Important: kernel security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for kernel is now available for Red Hat Enterprise Linux 9Red Hat Product Security has rated this update as having a se ...
Red Hat: Moderate: Logging Subsystem 5.8.2 - Red Hat OpenShift security update
Synopsis Moderate: Logging Subsystem 582 - Red Hat OpenShift security update Type/Severity Security Advisory: Moderate Topic Moderate: Logging Subsystem 582 - Red Hat OpenShift security updateRed Hat Product Security has rated this update as having a security impact of moderate A Common Vulnerability Scoring System (CVSS) base score, whi ...
Red Hat: Important: OpenShift Container Platform 4.11.54 bug fix and security update
Synopsis Important: OpenShift Container Platform 41154 bug fix and security update Type/Severity Security Advisory: Important Topic Red Hat OpenShift Container Platform release 41154 is now available with updates to packages and images that fix several bugs and add enhancementsThis release includes a security update for Red Hat OpenShift ...
Red Hat: Important: kernel-rt security update
Synopsis Important: kernel-rt security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for kernel-rt is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as havin ...
Red Hat: Important: kernel security update
Synopsis Important: kernel security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for kernel is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a se ...
Red Hat: Moderate: linux-firmware security update
Synopsis Moderate: linux-firmware security update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for linux-firmware is now available for Red Hat Enterprise Linux 90 Extended Update SupportRed Hat Product Secur ...
Red Hat: Moderate: linux-firmware security update
Synopsis Moderate: linux-firmware security update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for linux-firmware is now available for Red Hat Enterprise Linux 76 Advanced Update SupportRed Hat Product Secur ...
Red Hat: Important: kernel security and bug fix update
Synopsis Important: kernel security and bug fix update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for kernel is now available for Red Hat Enterprise Linux 86 Extended Update SupportRed Hat Product Securit ...
Red Hat:
Description<!---->A side channel vulnerability was found in hw amd Some AMD CPUs may allow an attacker to influence the return address prediction This issue may result in speculative execution at an attacker-controlled instruction pointer register, potentially leading to information disclosureA side channel vulnerability was found in hw amd Som ...
Citrix Security Bulletins: Citrix Hypervisor Security Bulletin for CVE-2023-20569, CVE-2023-34319 and CVE-2022-40982
&nbsp; ...

Recent Articles

Nearly every AMD CPU since 2017 vulnerable to Inception data-leak attacks
The Register

Topics Security Off-Prem On-Prem Software Offbeat Special Features Vendor Voice Vendor Voice Resources It's like a nesting doll of security flaws

AMD processor users, you have another data-leaking vulnerability to deal with: like Zenbleed, this latest hole can be to steal sensitive data from a running vulnerable machine. The flaw (CVE-2023-20569), dubbed Inception in reference to the Christopher Nolan flick about manipulating a person's dreams to achieve a desired outcome in the real world, was disclosed by ETH Zurich academics this week. And yes, it's another speculative-execution-based side-channel that malware or a rogue logged-in user...

Read more...

References

CWE-203https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7005http://xenbits.xen.org/xsa/advisory-434.htmlhttp://www.openwall.com/lists/oss-security/2023/08/08/4https://comsec.ethz.ch/research/microarch/inception/https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L4E4TZNMLYL2KETY23IPA43QXFAVJ46V/https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKK3IA63LSKM4EC3TN4UM6DDEIOWEQIG/https://lists.debian.org/debian-lts-announce/2023/08/msg00013.htmlhttps://www.debian.org/security/2023/dsa-5475https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7WO5JM74YJSYAE5RBV4DC6A4YLEKWLF/https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HKKYIK2EASDNUV4I7EFJKNBVO3KCKGRR/https://www.debian.org/security/2023/dsa-5475https://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48700CVE-2022-48689CVE-2024-27956CVE-2023-6363SQLNULL pointer dereferenceCVE-2023-41830CVE-2015-2051arbitrary
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook