csaf_suse - suse-su-2023:3446-1

suse-su-2023:3446-1

Vulnerability from csaf_suse

Published

2023-08-28 08:56

Modified

2023-08-28 08:56

Summary

Security update for xen

Notes

Title of the patch

Security update for xen

Description of the patch

This update for xen fixes the following issues: - CVE-2023-20569: Fixed side channel attack Inception or RAS Poisoning. (bsc#1214082, XSA-434) - CVE-2022-40982: Fixed transient execution attack called 'Gather Data Sampling'. (bsc#1214083, XSA-435) - CVE-2023-20593: Fixed a ZenBleed issue in 'Zen 2' CPUs that could allow an attacker to potentially access sensitive information. (bsc#1213616, XSA-433)

Patchnames

SUSE-2023-3446,SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3446,SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3446,SUSE-SUSE-MicroOS-5.1-2023-3446,SUSE-SUSE-MicroOS-5.2-2023-3446

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for xen",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for xen fixes the following issues:\n\n- CVE-2023-20569: Fixed side channel attack Inception or RAS Poisoning. (bsc#1214082, XSA-434)\n- CVE-2022-40982: Fixed transient execution attack called \u0027Gather Data Sampling\u0027. (bsc#1214083, XSA-435)\n- CVE-2023-20593: Fixed a ZenBleed issue in \u0027Zen 2\u0027 CPUs that could allow an attacker to potentially access sensitive information. (bsc#1213616, XSA-433)\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2023-3446,SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3446,SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3446,SUSE-SUSE-MicroOS-5.1-2023-3446,SUSE-SUSE-MicroOS-5.2-2023-3446",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_3446-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2023:3446-1",
        "url": "https://www.suse.com/support/update/announcement/2023/suse-su-20233446-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2023:3446-1",
        "url": "https://lists.suse.com/pipermail/sle-updates/2023-August/031208.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1027519",
        "url": "https://bugzilla.suse.com/1027519"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1204489",
        "url": "https://bugzilla.suse.com/1204489"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1213616",
        "url": "https://bugzilla.suse.com/1213616"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1214082",
        "url": "https://bugzilla.suse.com/1214082"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1214083",
        "url": "https://bugzilla.suse.com/1214083"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-40982 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-40982/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2023-20569 page",
        "url": "https://www.suse.com/security/cve/CVE-2023-20569/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2023-20593 page",
        "url": "https://www.suse.com/security/cve/CVE-2023-20593/"
      }
    ],
    "title": "Security update for xen",
    "tracking": {
      "current_release_date": "2023-08-28T08:56:56Z",
      "generator": {
        "date": "2023-08-28T08:56:56Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2023:3446-1",
      "initial_release_date": "2023-08-28T08:56:56Z",
      "revision_history": [
        {
          "date": "2023-08-28T08:56:56Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "xen-4.14.6_02-150300.3.51.1.aarch64",
                "product": {
                  "name": "xen-4.14.6_02-150300.3.51.1.aarch64",
                  "product_id": "xen-4.14.6_02-150300.3.51.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "xen-devel-4.14.6_02-150300.3.51.1.aarch64",
                "product": {
                  "name": "xen-devel-4.14.6_02-150300.3.51.1.aarch64",
                  "product_id": "xen-devel-4.14.6_02-150300.3.51.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "xen-doc-html-4.14.6_02-150300.3.51.1.aarch64",
                "product": {
                  "name": "xen-doc-html-4.14.6_02-150300.3.51.1.aarch64",
                  "product_id": "xen-doc-html-4.14.6_02-150300.3.51.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "xen-libs-4.14.6_02-150300.3.51.1.aarch64",
                "product": {
                  "name": "xen-libs-4.14.6_02-150300.3.51.1.aarch64",
                  "product_id": "xen-libs-4.14.6_02-150300.3.51.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "xen-tools-4.14.6_02-150300.3.51.1.aarch64",
                "product": {
                  "name": "xen-tools-4.14.6_02-150300.3.51.1.aarch64",
                  "product_id": "xen-tools-4.14.6_02-150300.3.51.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "xen-tools-domU-4.14.6_02-150300.3.51.1.aarch64",
                "product": {
                  "name": "xen-tools-domU-4.14.6_02-150300.3.51.1.aarch64",
                  "product_id": "xen-tools-domU-4.14.6_02-150300.3.51.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "xen-libs-64bit-4.14.6_02-150300.3.51.1.aarch64_ilp32",
                "product": {
                  "name": "xen-libs-64bit-4.14.6_02-150300.3.51.1.aarch64_ilp32",
                  "product_id": "xen-libs-64bit-4.14.6_02-150300.3.51.1.aarch64_ilp32"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64_ilp32"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "xen-devel-4.14.6_02-150300.3.51.1.i586",
                "product": {
                  "name": "xen-devel-4.14.6_02-150300.3.51.1.i586",
                  "product_id": "xen-devel-4.14.6_02-150300.3.51.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "xen-libs-4.14.6_02-150300.3.51.1.i586",
                "product": {
                  "name": "xen-libs-4.14.6_02-150300.3.51.1.i586",
                  "product_id": "xen-libs-4.14.6_02-150300.3.51.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "xen-tools-domU-4.14.6_02-150300.3.51.1.i586",
                "product": {
                  "name": "xen-tools-domU-4.14.6_02-150300.3.51.1.i586",
                  "product_id": "xen-tools-domU-4.14.6_02-150300.3.51.1.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "xen-tools-xendomains-wait-disk-4.14.6_02-150300.3.51.1.noarch",
                "product": {
                  "name": "xen-tools-xendomains-wait-disk-4.14.6_02-150300.3.51.1.noarch",
                  "product_id": "xen-tools-xendomains-wait-disk-4.14.6_02-150300.3.51.1.noarch"
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "xen-4.14.6_02-150300.3.51.1.x86_64",
                "product": {
                  "name": "xen-4.14.6_02-150300.3.51.1.x86_64",
                  "product_id": "xen-4.14.6_02-150300.3.51.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "xen-devel-4.14.6_02-150300.3.51.1.x86_64",
                "product": {
                  "name": "xen-devel-4.14.6_02-150300.3.51.1.x86_64",
                  "product_id": "xen-devel-4.14.6_02-150300.3.51.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "xen-doc-html-4.14.6_02-150300.3.51.1.x86_64",
                "product": {
                  "name": "xen-doc-html-4.14.6_02-150300.3.51.1.x86_64",
                  "product_id": "xen-doc-html-4.14.6_02-150300.3.51.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "xen-libs-4.14.6_02-150300.3.51.1.x86_64",
                "product": {
                  "name": "xen-libs-4.14.6_02-150300.3.51.1.x86_64",
                  "product_id": "xen-libs-4.14.6_02-150300.3.51.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "xen-libs-32bit-4.14.6_02-150300.3.51.1.x86_64",
                "product": {
                  "name": "xen-libs-32bit-4.14.6_02-150300.3.51.1.x86_64",
                  "product_id": "xen-libs-32bit-4.14.6_02-150300.3.51.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "xen-tools-4.14.6_02-150300.3.51.1.x86_64",
                "product": {
                  "name": "xen-tools-4.14.6_02-150300.3.51.1.x86_64",
                  "product_id": "xen-tools-4.14.6_02-150300.3.51.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "xen-tools-domU-4.14.6_02-150300.3.51.1.x86_64",
                "product": {
                  "name": "xen-tools-domU-4.14.6_02-150300.3.51.1.x86_64",
                  "product_id": "xen-tools-domU-4.14.6_02-150300.3.51.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Manager Proxy 4.2",
                "product": {
                  "name": "SUSE Manager Proxy 4.2",
                  "product_id": "SUSE Manager Proxy 4.2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:suse-manager-proxy:4.2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Manager Server 4.2",
                "product": {
                  "name": "SUSE Manager Server 4.2",
                  "product_id": "SUSE Manager Server 4.2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:suse-manager-server:4.2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Micro 5.1",
                "product": {
                  "name": "SUSE Linux Enterprise Micro 5.1",
                  "product_id": "SUSE Linux Enterprise Micro 5.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:suse-microos:5.1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Micro 5.2",
                "product": {
                  "name": "SUSE Linux Enterprise Micro 5.2",
                  "product_id": "SUSE Linux Enterprise Micro 5.2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:suse-microos:5.2"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-4.14.6_02-150300.3.51.1.x86_64 as component of SUSE Manager Proxy 4.2",
          "product_id": "SUSE Manager Proxy 4.2:xen-4.14.6_02-150300.3.51.1.x86_64"
        },
        "product_reference": "xen-4.14.6_02-150300.3.51.1.x86_64",
        "relates_to_product_reference": "SUSE Manager Proxy 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-devel-4.14.6_02-150300.3.51.1.x86_64 as component of SUSE Manager Proxy 4.2",
          "product_id": "SUSE Manager Proxy 4.2:xen-devel-4.14.6_02-150300.3.51.1.x86_64"
        },
        "product_reference": "xen-devel-4.14.6_02-150300.3.51.1.x86_64",
        "relates_to_product_reference": "SUSE Manager Proxy 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-libs-4.14.6_02-150300.3.51.1.x86_64 as component of SUSE Manager Proxy 4.2",
          "product_id": "SUSE Manager Proxy 4.2:xen-libs-4.14.6_02-150300.3.51.1.x86_64"
        },
        "product_reference": "xen-libs-4.14.6_02-150300.3.51.1.x86_64",
        "relates_to_product_reference": "SUSE Manager Proxy 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-tools-4.14.6_02-150300.3.51.1.x86_64 as component of SUSE Manager Proxy 4.2",
          "product_id": "SUSE Manager Proxy 4.2:xen-tools-4.14.6_02-150300.3.51.1.x86_64"
        },
        "product_reference": "xen-tools-4.14.6_02-150300.3.51.1.x86_64",
        "relates_to_product_reference": "SUSE Manager Proxy 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-tools-domU-4.14.6_02-150300.3.51.1.x86_64 as component of SUSE Manager Proxy 4.2",
          "product_id": "SUSE Manager Proxy 4.2:xen-tools-domU-4.14.6_02-150300.3.51.1.x86_64"
        },
        "product_reference": "xen-tools-domU-4.14.6_02-150300.3.51.1.x86_64",
        "relates_to_product_reference": "SUSE Manager Proxy 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-tools-xendomains-wait-disk-4.14.6_02-150300.3.51.1.noarch as component of SUSE Manager Proxy 4.2",
          "product_id": "SUSE Manager Proxy 4.2:xen-tools-xendomains-wait-disk-4.14.6_02-150300.3.51.1.noarch"
        },
        "product_reference": "xen-tools-xendomains-wait-disk-4.14.6_02-150300.3.51.1.noarch",
        "relates_to_product_reference": "SUSE Manager Proxy 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-4.14.6_02-150300.3.51.1.x86_64 as component of SUSE Manager Server 4.2",
          "product_id": "SUSE Manager Server 4.2:xen-4.14.6_02-150300.3.51.1.x86_64"
        },
        "product_reference": "xen-4.14.6_02-150300.3.51.1.x86_64",
        "relates_to_product_reference": "SUSE Manager Server 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-devel-4.14.6_02-150300.3.51.1.x86_64 as component of SUSE Manager Server 4.2",
          "product_id": "SUSE Manager Server 4.2:xen-devel-4.14.6_02-150300.3.51.1.x86_64"
        },
        "product_reference": "xen-devel-4.14.6_02-150300.3.51.1.x86_64",
        "relates_to_product_reference": "SUSE Manager Server 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-libs-4.14.6_02-150300.3.51.1.x86_64 as component of SUSE Manager Server 4.2",
          "product_id": "SUSE Manager Server 4.2:xen-libs-4.14.6_02-150300.3.51.1.x86_64"
        },
        "product_reference": "xen-libs-4.14.6_02-150300.3.51.1.x86_64",
        "relates_to_product_reference": "SUSE Manager Server 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-tools-4.14.6_02-150300.3.51.1.x86_64 as component of SUSE Manager Server 4.2",
          "product_id": "SUSE Manager Server 4.2:xen-tools-4.14.6_02-150300.3.51.1.x86_64"
        },
        "product_reference": "xen-tools-4.14.6_02-150300.3.51.1.x86_64",
        "relates_to_product_reference": "SUSE Manager Server 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-tools-domU-4.14.6_02-150300.3.51.1.x86_64 as component of SUSE Manager Server 4.2",
          "product_id": "SUSE Manager Server 4.2:xen-tools-domU-4.14.6_02-150300.3.51.1.x86_64"
        },
        "product_reference": "xen-tools-domU-4.14.6_02-150300.3.51.1.x86_64",
        "relates_to_product_reference": "SUSE Manager Server 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-tools-xendomains-wait-disk-4.14.6_02-150300.3.51.1.noarch as component of SUSE Manager Server 4.2",
          "product_id": "SUSE Manager Server 4.2:xen-tools-xendomains-wait-disk-4.14.6_02-150300.3.51.1.noarch"
        },
        "product_reference": "xen-tools-xendomains-wait-disk-4.14.6_02-150300.3.51.1.noarch",
        "relates_to_product_reference": "SUSE Manager Server 4.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-libs-4.14.6_02-150300.3.51.1.x86_64 as component of SUSE Linux Enterprise Micro 5.1",
          "product_id": "SUSE Linux Enterprise Micro 5.1:xen-libs-4.14.6_02-150300.3.51.1.x86_64"
        },
        "product_reference": "xen-libs-4.14.6_02-150300.3.51.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-libs-4.14.6_02-150300.3.51.1.x86_64 as component of SUSE Linux Enterprise Micro 5.2",
          "product_id": "SUSE Linux Enterprise Micro 5.2:xen-libs-4.14.6_02-150300.3.51.1.x86_64"
        },
        "product_reference": "xen-libs-4.14.6_02-150300.3.51.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-40982",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-40982"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.1:xen-libs-4.14.6_02-150300.3.51.1.x86_64",
          "SUSE Linux Enterprise Micro 5.2:xen-libs-4.14.6_02-150300.3.51.1.x86_64",
          "SUSE Manager Proxy 4.2:xen-4.14.6_02-150300.3.51.1.x86_64",
          "SUSE Manager Proxy 4.2:xen-devel-4.14.6_02-150300.3.51.1.x86_64",
          "SUSE Manager Proxy 4.2:xen-libs-4.14.6_02-150300.3.51.1.x86_64",
          "SUSE Manager Proxy 4.2:xen-tools-4.14.6_02-150300.3.51.1.x86_64",
          "SUSE Manager Proxy 4.2:xen-tools-domU-4.14.6_02-150300.3.51.1.x86_64",
          "SUSE Manager Proxy 4.2:xen-tools-xendomains-wait-disk-4.14.6_02-150300.3.51.1.noarch",
          "SUSE Manager Server 4.2:xen-4.14.6_02-150300.3.51.1.x86_64",
          "SUSE Manager Server 4.2:xen-devel-4.14.6_02-150300.3.51.1.x86_64",
          "SUSE Manager Server 4.2:xen-libs-4.14.6_02-150300.3.51.1.x86_64",
          "SUSE Manager Server 4.2:xen-tools-4.14.6_02-150300.3.51.1.x86_64",
          "SUSE Manager Server 4.2:xen-tools-domU-4.14.6_02-150300.3.51.1.x86_64",
          "SUSE Manager Server 4.2:xen-tools-xendomains-wait-disk-4.14.6_02-150300.3.51.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-40982",
          "url": "https://www.suse.com/security/cve/CVE-2022-40982"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1206418 for CVE-2022-40982",
          "url": "https://bugzilla.suse.com/1206418"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1215674 for CVE-2022-40982",
          "url": "https://bugzilla.suse.com/1215674"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.1:xen-libs-4.14.6_02-150300.3.51.1.x86_64",
            "SUSE Linux Enterprise Micro 5.2:xen-libs-4.14.6_02-150300.3.51.1.x86_64",
            "SUSE Manager Proxy 4.2:xen-4.14.6_02-150300.3.51.1.x86_64",
            "SUSE Manager Proxy 4.2:xen-devel-4.14.6_02-150300.3.51.1.x86_64",
            "SUSE Manager Proxy 4.2:xen-libs-4.14.6_02-150300.3.51.1.x86_64",
            "SUSE Manager Proxy 4.2:xen-tools-4.14.6_02-150300.3.51.1.x86_64",
            "SUSE Manager Proxy 4.2:xen-tools-domU-4.14.6_02-150300.3.51.1.x86_64",
            "SUSE Manager Proxy 4.2:xen-tools-xendomains-wait-disk-4.14.6_02-150300.3.51.1.noarch",
            "SUSE Manager Server 4.2:xen-4.14.6_02-150300.3.51.1.x86_64",
            "SUSE Manager Server 4.2:xen-devel-4.14.6_02-150300.3.51.1.x86_64",
            "SUSE Manager Server 4.2:xen-libs-4.14.6_02-150300.3.51.1.x86_64",
            "SUSE Manager Server 4.2:xen-tools-4.14.6_02-150300.3.51.1.x86_64",
            "SUSE Manager Server 4.2:xen-tools-domU-4.14.6_02-150300.3.51.1.x86_64",
            "SUSE Manager Server 4.2:xen-tools-xendomains-wait-disk-4.14.6_02-150300.3.51.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.1:xen-libs-4.14.6_02-150300.3.51.1.x86_64",
            "SUSE Linux Enterprise Micro 5.2:xen-libs-4.14.6_02-150300.3.51.1.x86_64",
            "SUSE Manager Proxy 4.2:xen-4.14.6_02-150300.3.51.1.x86_64",
            "SUSE Manager Proxy 4.2:xen-devel-4.14.6_02-150300.3.51.1.x86_64",
            "SUSE Manager Proxy 4.2:xen-libs-4.14.6_02-150300.3.51.1.x86_64",
            "SUSE Manager Proxy 4.2:xen-tools-4.14.6_02-150300.3.51.1.x86_64",
            "SUSE Manager Proxy 4.2:xen-tools-domU-4.14.6_02-150300.3.51.1.x86_64",
            "SUSE Manager Proxy 4.2:xen-tools-xendomains-wait-disk-4.14.6_02-150300.3.51.1.noarch",
            "SUSE Manager Server 4.2:xen-4.14.6_02-150300.3.51.1.x86_64",
            "SUSE Manager Server 4.2:xen-devel-4.14.6_02-150300.3.51.1.x86_64",
            "SUSE Manager Server 4.2:xen-libs-4.14.6_02-150300.3.51.1.x86_64",
            "SUSE Manager Server 4.2:xen-tools-4.14.6_02-150300.3.51.1.x86_64",
            "SUSE Manager Server 4.2:xen-tools-domU-4.14.6_02-150300.3.51.1.x86_64",
            "SUSE Manager Server 4.2:xen-tools-xendomains-wait-disk-4.14.6_02-150300.3.51.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2023-08-28T08:56:56Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2022-40982"
    },
    {
      "cve": "CVE-2023-20569",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2023-20569"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "\n\n\nA side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled\u202faddress, potentially leading to information disclosure.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.1:xen-libs-4.14.6_02-150300.3.51.1.x86_64",
          "SUSE Linux Enterprise Micro 5.2:xen-libs-4.14.6_02-150300.3.51.1.x86_64",
          "SUSE Manager Proxy 4.2:xen-4.14.6_02-150300.3.51.1.x86_64",
          "SUSE Manager Proxy 4.2:xen-devel-4.14.6_02-150300.3.51.1.x86_64",
          "SUSE Manager Proxy 4.2:xen-libs-4.14.6_02-150300.3.51.1.x86_64",
          "SUSE Manager Proxy 4.2:xen-tools-4.14.6_02-150300.3.51.1.x86_64",
          "SUSE Manager Proxy 4.2:xen-tools-domU-4.14.6_02-150300.3.51.1.x86_64",
          "SUSE Manager Proxy 4.2:xen-tools-xendomains-wait-disk-4.14.6_02-150300.3.51.1.noarch",
          "SUSE Manager Server 4.2:xen-4.14.6_02-150300.3.51.1.x86_64",
          "SUSE Manager Server 4.2:xen-devel-4.14.6_02-150300.3.51.1.x86_64",
          "SUSE Manager Server 4.2:xen-libs-4.14.6_02-150300.3.51.1.x86_64",
          "SUSE Manager Server 4.2:xen-tools-4.14.6_02-150300.3.51.1.x86_64",
          "SUSE Manager Server 4.2:xen-tools-domU-4.14.6_02-150300.3.51.1.x86_64",
          "SUSE Manager Server 4.2:xen-tools-xendomains-wait-disk-4.14.6_02-150300.3.51.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2023-20569",
          "url": "https://www.suse.com/security/cve/CVE-2023-20569"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1213287 for CVE-2023-20569",
          "url": "https://bugzilla.suse.com/1213287"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.1:xen-libs-4.14.6_02-150300.3.51.1.x86_64",
            "SUSE Linux Enterprise Micro 5.2:xen-libs-4.14.6_02-150300.3.51.1.x86_64",
            "SUSE Manager Proxy 4.2:xen-4.14.6_02-150300.3.51.1.x86_64",
            "SUSE Manager Proxy 4.2:xen-devel-4.14.6_02-150300.3.51.1.x86_64",
            "SUSE Manager Proxy 4.2:xen-libs-4.14.6_02-150300.3.51.1.x86_64",
            "SUSE Manager Proxy 4.2:xen-tools-4.14.6_02-150300.3.51.1.x86_64",
            "SUSE Manager Proxy 4.2:xen-tools-domU-4.14.6_02-150300.3.51.1.x86_64",
            "SUSE Manager Proxy 4.2:xen-tools-xendomains-wait-disk-4.14.6_02-150300.3.51.1.noarch",
            "SUSE Manager Server 4.2:xen-4.14.6_02-150300.3.51.1.x86_64",
            "SUSE Manager Server 4.2:xen-devel-4.14.6_02-150300.3.51.1.x86_64",
            "SUSE Manager Server 4.2:xen-libs-4.14.6_02-150300.3.51.1.x86_64",
            "SUSE Manager Server 4.2:xen-tools-4.14.6_02-150300.3.51.1.x86_64",
            "SUSE Manager Server 4.2:xen-tools-domU-4.14.6_02-150300.3.51.1.x86_64",
            "SUSE Manager Server 4.2:xen-tools-xendomains-wait-disk-4.14.6_02-150300.3.51.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.1:xen-libs-4.14.6_02-150300.3.51.1.x86_64",
            "SUSE Linux Enterprise Micro 5.2:xen-libs-4.14.6_02-150300.3.51.1.x86_64",
            "SUSE Manager Proxy 4.2:xen-4.14.6_02-150300.3.51.1.x86_64",
            "SUSE Manager Proxy 4.2:xen-devel-4.14.6_02-150300.3.51.1.x86_64",
            "SUSE Manager Proxy 4.2:xen-libs-4.14.6_02-150300.3.51.1.x86_64",
            "SUSE Manager Proxy 4.2:xen-tools-4.14.6_02-150300.3.51.1.x86_64",
            "SUSE Manager Proxy 4.2:xen-tools-domU-4.14.6_02-150300.3.51.1.x86_64",
            "SUSE Manager Proxy 4.2:xen-tools-xendomains-wait-disk-4.14.6_02-150300.3.51.1.noarch",
            "SUSE Manager Server 4.2:xen-4.14.6_02-150300.3.51.1.x86_64",
            "SUSE Manager Server 4.2:xen-devel-4.14.6_02-150300.3.51.1.x86_64",
            "SUSE Manager Server 4.2:xen-libs-4.14.6_02-150300.3.51.1.x86_64",
            "SUSE Manager Server 4.2:xen-tools-4.14.6_02-150300.3.51.1.x86_64",
            "SUSE Manager Server 4.2:xen-tools-domU-4.14.6_02-150300.3.51.1.x86_64",
            "SUSE Manager Server 4.2:xen-tools-xendomains-wait-disk-4.14.6_02-150300.3.51.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2023-08-28T08:56:56Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2023-20569"
    },
    {
      "cve": "CVE-2023-20593",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2023-20593"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue in \"Zen 2\" CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.1:xen-libs-4.14.6_02-150300.3.51.1.x86_64",
          "SUSE Linux Enterprise Micro 5.2:xen-libs-4.14.6_02-150300.3.51.1.x86_64",
          "SUSE Manager Proxy 4.2:xen-4.14.6_02-150300.3.51.1.x86_64",
          "SUSE Manager Proxy 4.2:xen-devel-4.14.6_02-150300.3.51.1.x86_64",
          "SUSE Manager Proxy 4.2:xen-libs-4.14.6_02-150300.3.51.1.x86_64",
          "SUSE Manager Proxy 4.2:xen-tools-4.14.6_02-150300.3.51.1.x86_64",
          "SUSE Manager Proxy 4.2:xen-tools-domU-4.14.6_02-150300.3.51.1.x86_64",
          "SUSE Manager Proxy 4.2:xen-tools-xendomains-wait-disk-4.14.6_02-150300.3.51.1.noarch",
          "SUSE Manager Server 4.2:xen-4.14.6_02-150300.3.51.1.x86_64",
          "SUSE Manager Server 4.2:xen-devel-4.14.6_02-150300.3.51.1.x86_64",
          "SUSE Manager Server 4.2:xen-libs-4.14.6_02-150300.3.51.1.x86_64",
          "SUSE Manager Server 4.2:xen-tools-4.14.6_02-150300.3.51.1.x86_64",
          "SUSE Manager Server 4.2:xen-tools-domU-4.14.6_02-150300.3.51.1.x86_64",
          "SUSE Manager Server 4.2:xen-tools-xendomains-wait-disk-4.14.6_02-150300.3.51.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2023-20593",
          "url": "https://www.suse.com/security/cve/CVE-2023-20593"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1213286 for CVE-2023-20593",
          "url": "https://bugzilla.suse.com/1213286"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1213616 for CVE-2023-20593",
          "url": "https://bugzilla.suse.com/1213616"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1215674 for CVE-2023-20593",
          "url": "https://bugzilla.suse.com/1215674"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.1:xen-libs-4.14.6_02-150300.3.51.1.x86_64",
            "SUSE Linux Enterprise Micro 5.2:xen-libs-4.14.6_02-150300.3.51.1.x86_64",
            "SUSE Manager Proxy 4.2:xen-4.14.6_02-150300.3.51.1.x86_64",
            "SUSE Manager Proxy 4.2:xen-devel-4.14.6_02-150300.3.51.1.x86_64",
            "SUSE Manager Proxy 4.2:xen-libs-4.14.6_02-150300.3.51.1.x86_64",
            "SUSE Manager Proxy 4.2:xen-tools-4.14.6_02-150300.3.51.1.x86_64",
            "SUSE Manager Proxy 4.2:xen-tools-domU-4.14.6_02-150300.3.51.1.x86_64",
            "SUSE Manager Proxy 4.2:xen-tools-xendomains-wait-disk-4.14.6_02-150300.3.51.1.noarch",
            "SUSE Manager Server 4.2:xen-4.14.6_02-150300.3.51.1.x86_64",
            "SUSE Manager Server 4.2:xen-devel-4.14.6_02-150300.3.51.1.x86_64",
            "SUSE Manager Server 4.2:xen-libs-4.14.6_02-150300.3.51.1.x86_64",
            "SUSE Manager Server 4.2:xen-tools-4.14.6_02-150300.3.51.1.x86_64",
            "SUSE Manager Server 4.2:xen-tools-domU-4.14.6_02-150300.3.51.1.x86_64",
            "SUSE Manager Server 4.2:xen-tools-xendomains-wait-disk-4.14.6_02-150300.3.51.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.1:xen-libs-4.14.6_02-150300.3.51.1.x86_64",
            "SUSE Linux Enterprise Micro 5.2:xen-libs-4.14.6_02-150300.3.51.1.x86_64",
            "SUSE Manager Proxy 4.2:xen-4.14.6_02-150300.3.51.1.x86_64",
            "SUSE Manager Proxy 4.2:xen-devel-4.14.6_02-150300.3.51.1.x86_64",
            "SUSE Manager Proxy 4.2:xen-libs-4.14.6_02-150300.3.51.1.x86_64",
            "SUSE Manager Proxy 4.2:xen-tools-4.14.6_02-150300.3.51.1.x86_64",
            "SUSE Manager Proxy 4.2:xen-tools-domU-4.14.6_02-150300.3.51.1.x86_64",
            "SUSE Manager Proxy 4.2:xen-tools-xendomains-wait-disk-4.14.6_02-150300.3.51.1.noarch",
            "SUSE Manager Server 4.2:xen-4.14.6_02-150300.3.51.1.x86_64",
            "SUSE Manager Server 4.2:xen-devel-4.14.6_02-150300.3.51.1.x86_64",
            "SUSE Manager Server 4.2:xen-libs-4.14.6_02-150300.3.51.1.x86_64",
            "SUSE Manager Server 4.2:xen-tools-4.14.6_02-150300.3.51.1.x86_64",
            "SUSE Manager Server 4.2:xen-tools-domU-4.14.6_02-150300.3.51.1.x86_64",
            "SUSE Manager Server 4.2:xen-tools-xendomains-wait-disk-4.14.6_02-150300.3.51.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2023-08-28T08:56:56Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2023-20593"
    }
  ]
}

CVE-2022-40982 (GCVE-0-2022-40982)

Vulnerability from cvelistv5

Published

2023-08-11 02:37

Modified

2025-02-13 16:33

Severity ?

6.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

CWE

information disclosure
CWE-1342 - Information exposure through microarchitectural state after transient execution

Summary

Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

References

►

URL

Tags

	http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00828.html
	https://downfall.page
	https://aws.amazon.com/security/security-bulletins/AWS-2023-007/
	https://access.redhat.com/solutions/7027704
	https://xenbits.xen.org/xsa/advisory-435.html
	https://lists.debian.org/debian-lts-announce/2023/08/msg00013.html
	https://security.netapp.com/advisory/ntap-20230811-0001/
	https://www.debian.org/security/2023/dsa-5474
	https://www.debian.org/security/2023/dsa-5475
	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7WO5JM74YJSYAE5RBV4DC6A4YLEKWLF/
	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OL7WI2TJCWSZIQP2RIOLWHOKLM25M44J/
	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HKREYYTWUY7ZDNIB2N6H5BUJ3LE5VZPE/
	https://lists.debian.org/debian-lts-announce/2023/08/msg00026.html
	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HKKYIK2EASDNUV4I7EFJKNBVO3KCKGRR/

Impacted products

	Vendor	Product	Version
	n/a	Intel(R) Processors	Version: See references

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T12:28:42.939Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://xenbits.xen.org/xsa/advisory-435.html"
          },
          {
            "name": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00828.html",
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00828.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://downfall.page"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://aws.amazon.com/security/security-bulletins/AWS-2023-007/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://access.redhat.com/solutions/7027704"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://xenbits.xen.org/xsa/advisory-435.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00013.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20230811-0001/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5474"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5475"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7WO5JM74YJSYAE5RBV4DC6A4YLEKWLF/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OL7WI2TJCWSZIQP2RIOLWHOKLM25M44J/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HKREYYTWUY7ZDNIB2N6H5BUJ3LE5VZPE/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00026.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HKKYIK2EASDNUV4I7EFJKNBVO3KCKGRR/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-40982",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-31T20:33:43.011314Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-31T20:43:52.375Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Intel(R) Processors",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "See references"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "information disclosure",
              "lang": "en"
            },
            {
              "cweId": "CWE-1342",
              "description": "Information exposure through microarchitectural state after transient execution",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-08-27T02:06:52.425Z",
        "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
        "shortName": "intel"
      },
      "references": [
        {
          "name": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00828.html",
          "url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00828.html"
        },
        {
          "url": "https://downfall.page"
        },
        {
          "url": "https://aws.amazon.com/security/security-bulletins/AWS-2023-007/"
        },
        {
          "url": "https://access.redhat.com/solutions/7027704"
        },
        {
          "url": "https://xenbits.xen.org/xsa/advisory-435.html"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00013.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20230811-0001/"
        },
        {
          "url": "https://www.debian.org/security/2023/dsa-5474"
        },
        {
          "url": "https://www.debian.org/security/2023/dsa-5475"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7WO5JM74YJSYAE5RBV4DC6A4YLEKWLF/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OL7WI2TJCWSZIQP2RIOLWHOKLM25M44J/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HKREYYTWUY7ZDNIB2N6H5BUJ3LE5VZPE/"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00026.html"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HKKYIK2EASDNUV4I7EFJKNBVO3KCKGRR/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
    "assignerShortName": "intel",
    "cveId": "CVE-2022-40982",
    "datePublished": "2023-08-11T02:37:05.423Z",
    "dateReserved": "2022-09-27T00:28:29.203Z",
    "dateUpdated": "2025-02-13T16:33:03.126Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-20569 (GCVE-0-2023-20569)

Vulnerability from cvelistv5

Published

2023-08-08 17:02

Modified

2024-09-23 03:18

Severity ?

Summary

A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure.

References

►

URL

Tags

	https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7005	vendor-advisory
	http://xenbits.xen.org/xsa/advisory-434.html
	http://www.openwall.com/lists/oss-security/2023/08/08/4
	https://comsec.ethz.ch/research/microarch/inception/
	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L4E4TZNMLYL2KETY23IPA43QXFAVJ46V/
	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKK3IA63LSKM4EC3TN4UM6DDEIOWEQIG/
	https://lists.debian.org/debian-lts-announce/2023/08/msg00013.html
	https://www.debian.org/security/2023/dsa-5475
	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7WO5JM74YJSYAE5RBV4DC6A4YLEKWLF/
	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HKKYIK2EASDNUV4I7EFJKNBVO3KCKGRR/
	https://security.netapp.com/advisory/ntap-20240605-0006/

Impacted products

Vendor

Product

Version

►

AMD

Ryzen™ 3000 Series Desktop Processors

Version: various

AMD	Ryzen™ PRO 3000 Series Desktop Processors	Version: various
AMD	Ryzen™ 3000 Series Desktop Processors with Radeon™ Graphics	Version: various
AMD	Ryzen™ PRO 3000 Series Processors with Radeon™ Vega Graphics	Version: various
AMD	Athlon™ 3000 Series Processors with Radeon™ Graphics	Version: various
AMD	Athlon™ PRO 3000 Series Processors with Radeon™ Vega Graphics	Version: various
AMD	Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics	Version: various
AMD	Ryzen™ PRO 4000 Series Desktop Processors	Version: various
AMD	Ryzen™ 5000 Series Desktop Processors	Version: various
AMD	Ryzen™ 5000 Series Desktop Processors with Radeon™ Graphics	Version: various
	Ryzen™ PRO 5000 Series Desktop Processors	Version: various
AMD	Ryzen™ Threadripper™ 2000 Series Processors	Version: various
AMD	Ryzen™ Threadripper™ 5000 Series Processors	Version: various
AMD	Ryzen™ Threadripper™ 3000 Series Processors	Version: various
AMD	Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics	Version: various
AMD	Ryzen™ 5000 Series Processors with Radeon™ Graphics	Version: various
AMD	Ryzen™ PRO 5000 Series Processors	Version: various
AMD	Ryzen™ 6000 Series Processors with Radeon™ Graphics	Version: various
AMD	Ryzen™ PRO 6000 Series Processors	Version: various
AMD	Ryzen™ 7040 Series Processors with Radeon™ Graphics	Version: various
AMD	Ryzen™ 7000 Series Processors	Version: various
AMD	Ryzen™ 7000 Series Processors with Radeon™ Graphics	Version: various
AMD	1st Gen AMD EPYC™ Processors	Version: various
AMD	2nd Gen AMD EPYC™ Processors	Version: various
AMD	3rd Gen AMD EPYC™ Processors	Version: various
AMD	4th Gen AMD EPYC™ Processors	Version: various

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-09-23T03:18:32.598Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7005.html"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7005"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://xenbits.xen.org/xsa/advisory-434.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/08/08/4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://comsec.ethz.ch/research/microarch/inception/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L4E4TZNMLYL2KETY23IPA43QXFAVJ46V/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKK3IA63LSKM4EC3TN4UM6DDEIOWEQIG/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00013.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5475"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7WO5JM74YJSYAE5RBV4DC6A4YLEKWLF/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HKKYIK2EASDNUV4I7EFJKNBVO3KCKGRR/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240605-0006/"
          }
        ],
        "title": "CVE Program Container",
        "x_generator": {
          "engine": "ADPogram 0.0.1"
        }
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 3000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 PRO 3000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 PRO 3000 Series Processors with Radeon\u2122 Vega Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Athlon\u2122 3000 Series Processors with Radeon\u2122 Graphics ",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Athlon\u2122 PRO 3000 Series Processors with Radeon\u2122 Vega Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 PRO 4000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 5000 Series Desktop Processors ",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 5000 Series Desktop Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 PRO 5000 Series Desktop Processors",
          "vendor": " ",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 Threadripper\u2122 2000 Series Processors ",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": " Ryzen\u2122 Threadripper\u2122 5000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 Threadripper\u2122 3000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 5000 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 PRO 5000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 PRO 6000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": " ",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 7040 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 7000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 7000 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "platforms": [
            "x86"
          ],
          "product": " 1st Gen AMD EPYC\u2122 Processors",
          "vendor": "AMD ",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "platforms": [
            "x86"
          ],
          "product": "2nd Gen AMD EPYC\u2122 Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "platforms": [
            "x86"
          ],
          "product": "3rd Gen AMD EPYC\u2122  Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "platforms": [
            "x86"
          ],
          "product": "4th Gen AMD EPYC\u2122  Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various "
            }
          ]
        }
      ],
      "datePublic": "2023-08-08T16:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA side channel vulnerability on some \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eof the \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAMD CPUs may allow an attacker to influence \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ethe \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ereturn address prediction\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e. This may\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e result in speculative execution at an attacker-controlled\u202f\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eaddress\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e, potentially leading to information disclosure.\u003c/span\u003e\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n"
            }
          ],
          "value": "\n\n\nA side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled\u202faddress, potentially leading to information disclosure.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-08-08T17:02:11.318Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7005"
        },
        {
          "url": "http://xenbits.xen.org/xsa/advisory-434.html"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/08/08/4"
        },
        {
          "url": "https://comsec.ethz.ch/research/microarch/inception/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L4E4TZNMLYL2KETY23IPA43QXFAVJ46V/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKK3IA63LSKM4EC3TN4UM6DDEIOWEQIG/"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00013.html"
        },
        {
          "url": "https://www.debian.org/security/2023/dsa-5475"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7WO5JM74YJSYAE5RBV4DC6A4YLEKWLF/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HKKYIK2EASDNUV4I7EFJKNBVO3KCKGRR/"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240605-0006/"
        }
      ],
      "source": {
        "advisory": "AMD-SB-7005",
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2023-20569",
    "datePublished": "2023-08-08T17:02:11.318Z",
    "dateReserved": "2022-10-27T18:53:39.754Z",
    "dateUpdated": "2024-09-23T03:18:32.598Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-20593 (GCVE-0-2023-20593)

Vulnerability from cvelistv5

Published

2023-07-24 19:38

Modified

2025-02-13 16:39

Severity ?

Summary

An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information.

References

►

URL

Tags

	https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7008	vendor-advisory
	http://xenbits.xen.org/xsa/advisory-433.html
	http://www.openwall.com/lists/oss-security/2023/07/24/3
	http://seclists.org/fulldisclosure/2023/Jul/43
	http://www.openwall.com/lists/oss-security/2023/07/25/5
	http://www.openwall.com/lists/oss-security/2023/07/25/6
	http://www.openwall.com/lists/oss-security/2023/07/25/1
	http://www.openwall.com/lists/oss-security/2023/07/25/13
	http://www.openwall.com/lists/oss-security/2023/07/25/17
	http://www.openwall.com/lists/oss-security/2023/07/25/12
	http://www.openwall.com/lists/oss-security/2023/07/25/16
	http://www.openwall.com/lists/oss-security/2023/07/25/14
	http://www.openwall.com/lists/oss-security/2023/07/25/15
	http://www.openwall.com/lists/oss-security/2023/07/26/1
	https://cmpxchg8b.com/zenbleed.html
	https://www.debian.org/security/2023/dsa-5459
	https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html
	https://www.debian.org/security/2023/dsa-5462
	https://www.debian.org/security/2023/dsa-5461
	https://lists.debian.org/debian-lts-announce/2023/07/msg00033.html
	http://www.openwall.com/lists/oss-security/2023/07/31/2
	https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html
	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SD2G74BXS2SWOE3FIQJ6X76S3A7PDGML/
	http://www.openwall.com/lists/oss-security/2023/08/08/7
	http://www.openwall.com/lists/oss-security/2023/08/08/8
	http://www.openwall.com/lists/oss-security/2023/08/08/6
	http://www.openwall.com/lists/oss-security/2023/08/16/4
	http://www.openwall.com/lists/oss-security/2023/08/16/5
	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CP6WQO3CDPLE5O635N7TAL5KCZ6HZ4FE/
	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HKKYIK2EASDNUV4I7EFJKNBVO3KCKGRR/
	http://www.openwall.com/lists/oss-security/2023/09/22/9
	http://www.openwall.com/lists/oss-security/2023/09/22/11
	http://www.openwall.com/lists/oss-security/2023/09/25/4
	http://www.openwall.com/lists/oss-security/2023/09/25/7
	https://security.netapp.com/advisory/ntap-20240531-0004/

Impacted products

Vendor

Product

Version

►

AMD

Ryzen™ 3000 Series Desktop Processors “Matisse” AM4

Version: various

AMD	AMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics “Renoir” AM4	Version: various
AMD	3rd Gen AMD Ryzen™ Threadripper™ Processors “Castle Peak” HEDT	Version: various
AMD	Ryzen™ Threadripper™ PRO Processors “Castle Peak” WS SP3	Version: various
AMD	Ryzen™ 5000 Series Mobile processors with Radeon™ Graphics “Lucienne”	Version: various
AMD	Ryzen™ 4000 Series Mobile processors with Radeon™ Graphics “Renoir”	Version: various
AMD	Ryzen™ 7020 Series processors “Mendocino” FT6	Version: various
AMD	2nd Gen AMD EPYC™ Processors	Version: various

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T09:05:45.858Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7008"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://xenbits.xen.org/xsa/advisory-433.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/07/24/3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2023/Jul/43"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/07/25/5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/07/25/6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/07/25/1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/07/25/13"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/07/25/17"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/07/25/12"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/07/25/16"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/07/25/14"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/07/25/15"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/07/26/1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cmpxchg8b.com/zenbleed.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5459"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5462"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5461"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00033.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/07/31/2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SD2G74BXS2SWOE3FIQJ6X76S3A7PDGML/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/08/08/7"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/08/08/8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/08/08/6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/08/16/4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/08/16/5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CP6WQO3CDPLE5O635N7TAL5KCZ6HZ4FE/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HKKYIK2EASDNUV4I7EFJKNBVO3KCKGRR/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/09/22/9"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/09/22/11"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/09/25/4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/09/25/7"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240531-0004/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-20593",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-19T16:07:50.725588Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-209",
                "description": "CWE-209 Generation of Error Message Containing Sensitive Information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-19T16:08:15.479Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 3000 Series Desktop Processors \u201cMatisse\u201d AM4",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "AMD Ryzen\u2122 4000 Series Desktop Processors with Radeon\u2122 Graphics \u201cRenoir\u201d AM4",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "3rd Gen AMD Ryzen\u2122 Threadripper\u2122 Processors \u201cCastle Peak\u201d HEDT",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 Threadripper\u2122 PRO Processors \u201cCastle Peak\u201d WS SP3",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 5000 Series Mobile processors with Radeon\u2122 Graphics \u201cLucienne\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 4000 Series Mobile processors with Radeon\u2122 Graphics \u201cRenoir\u201d",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": "AGESA",
          "platforms": [
            "x86"
          ],
          "product": "Ryzen\u2122 7020 Series processors \u201cMendocino\u201d FT6",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "packageName": "\u00b5code / AGESA\u2122 firmware",
          "platforms": [
            "x86"
          ],
          "product": "2nd Gen AMD EPYC\u2122 Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        }
      ],
      "datePublic": "2023-07-24T19:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(248, 249, 250);\"\u003eAn issue in \u201cZen 2\u201d CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information.\u003c/span\u003e\n\n\n\n\n\n\u003cbr\u003e"
            }
          ],
          "value": "An issue in \u201cZen 2\u201d CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-10T17:12:11.483Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7008"
        },
        {
          "url": "http://xenbits.xen.org/xsa/advisory-433.html"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/07/24/3"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2023/Jul/43"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/07/25/5"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/07/25/6"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/07/25/1"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/07/25/13"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/07/25/17"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/07/25/12"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/07/25/16"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/07/25/14"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/07/25/15"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/07/26/1"
        },
        {
          "url": "https://cmpxchg8b.com/zenbleed.html"
        },
        {
          "url": "https://www.debian.org/security/2023/dsa-5459"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html"
        },
        {
          "url": "https://www.debian.org/security/2023/dsa-5462"
        },
        {
          "url": "https://www.debian.org/security/2023/dsa-5461"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00033.html"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/07/31/2"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SD2G74BXS2SWOE3FIQJ6X76S3A7PDGML/"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/08/08/7"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/08/08/8"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/08/08/6"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/08/16/4"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/08/16/5"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CP6WQO3CDPLE5O635N7TAL5KCZ6HZ4FE/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HKKYIK2EASDNUV4I7EFJKNBVO3KCKGRR/"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/09/22/9"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/09/22/11"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/09/25/4"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/09/25/7"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240531-0004/"
        }
      ],
      "source": {
        "advisory": "AMD-SB-7008",
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2023-20593",
    "datePublished": "2023-07-24T19:38:43.385Z",
    "dateReserved": "2022-10-27T18:53:39.762Z",
    "dateUpdated": "2025-02-13T16:39:49.154Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

suse-su-2023:3446-1

Vulnerability from csaf_suse

CVE-2022-40982 (GCVE-0-2022-40982)

Vulnerability from cvelistv5

CVE-2023-20569 (GCVE-0-2023-20569)

Vulnerability from cvelistv5

CVE-2023-20593 (GCVE-0-2023-20593)

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature